tar security fix

Oliver Brakmann obrakmann at gmx.net
Sun Sep 14 01:27:59 PDT 2003


X'posted to patches and lfs.security, f'up2 lfs.security.

Hi,

attached is a pretty old patch that fixes a security flaw in tar 1.13.25.
I recommend this one goes into the book.

Bye,
Oliver
-- 
/"\   ASCII Ribbon   | Reg. Linux User #198843            http://counter.li.org
\ /    Campaign -    | Reg.  LFS  User  #3082       http://linuxfromscratch.org
 x    Against HTML   |
/ \ in mail and news |
-------------- next part --------------
Submitted By: Oliver Brakmann <obrakmann at gmx dot net>
Date: 2003-09-13
Initial Package Version: 1.13.25
Origin: Bugtraq Mailing List
	http://www.securityfocus.com/archive/1/294574
Description: This patch fixes a security vulnerability by which	a specially
	crafted tarball can be used to overwrite files on the victim's system.
	See http://www.securityfocus.com/archive/1/293362 and following as
	well as references therein for details.

diff -ur tar-1.13.19.orig/src/misc.c tar-1.13.19/src/misc.c
--- tar-1.13.19.orig/src/misc.c	Sat Jan 13 08:59:29 2001
+++ tar-1.13.19/src/misc.c	Sat Sep 28 13:48:03 2002
@@ -206,12 +206,12 @@
       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
 	return 1;

-      do
+      while (! ISSLASH (*p))
 	{
 	  if (! *p++)
 	    return 0;
 	}
-      while (! ISSLASH (*p));
+      p++;
     }
 }


More information about the lfs-security mailing list