Prevent archive memebers with illegal pathnames from being extracted from an archive.

PR binutils/17552, binutils/17533 * bucomm.c (is_valid_archive_path): New function. Returns false for absolute pathnames and pathnames that include /../. * bucomm.h (is_valid_archive_path): Add prototype. * ar.c (extract_file): Use new function to check for valid pathnames when extracting files from an archive. * objcopy.c (copy_archive): Likewise. * doc/binutils.texi: Update documentation to mention the limitation on pathname of archive members.
author: Nick Clifton <nickc@redhat.com> 2014-11-06 14:49:10 +0000
committer: Nick Clifton <nickc@redhat.com> 2014-11-06 14:49:10 +0000
commit: dd9b91de2149ee81d47f708e7b0bbf57da10ad42 (patch)
tree: 9abc44b553f584ed318e6747e7f49d1095ea13c6 /binutils/bucomm.c
parent: 834107255bbefceb445fa733ebc1ea5d9f41ec7f (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/binutils/bucomm.c b/binutils/bucomm.c
index fd73070623..b8deff50a5 100644
--- a/binutils/bucomm.c
+++ b/binutils/bucomm.c
@@ -624,3 +624,29 @@ bfd_get_archive_filename (const bfd *abfd)
 	   bfd_get_filename (abfd));
   return buf;
 }
+
+/* Returns TRUE iff PATHNAME, a filename of an archive member,
+   is valid for writing.  For security reasons absolute paths
+   and paths containing /../ are not allowed.  See PR 17533.  */
+
+bfd_boolean
+is_valid_archive_path (char const * pathname)
+{
+  const char * n = pathname;
+
+  if (IS_ABSOLUTE_PATH (n))
+    return FALSE;
+
+  while (*n)
+    {
+      if (*n == '.' && *++n == '.' && ( ! *++n || IS_DIR_SEPARATOR (*n)))
+	return FALSE;
+
+      while (*n && ! IS_DIR_SEPARATOR (*n))
+	n++;
+      while (IS_DIR_SEPARATOR (*n))
+	n++;
+    }
+
+  return TRUE;
+}
author	Nick Clifton <nickc@redhat.com>	2014-11-06 14:49:10 +0000
committer	Nick Clifton <nickc@redhat.com>	2014-11-06 14:49:10 +0000
commit	dd9b91de2149ee81d47f708e7b0bbf57da10ad42 (patch)
tree	9abc44b553f584ed318e6747e7f49d1095ea13c6 /binutils/bucomm.c
parent	834107255bbefceb445fa733ebc1ea5d9f41ec7f (diff)