author | Timo Teräs <timo.teras@iki.fi> | 2018-09-05 19:49:22 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2018-09-10 11:18:39 +0300 |
commit | d2eb263642527d7b6c8c71042a994dcea368b632 (patch) | |
tree | f8649bb2973dacee84606a1ecfe6716046c8e0b7 /Makefile | |
parent | d214c18ac51adb7317284f8f65173494cc726814 (diff) |
rework unpacking of packages and harden package file format requirements

A crafted .apk file could trick apk into writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
  all filenames .apk.* to be its working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
  and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
  error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions
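
The first four hardening steps from the commit message (unlink first, create with O_EXCL, a working name that is not the archive entry name, reject long names), as an added C sketch that is not apk-tools' own code. The function names, the FNV-1a hash used to derive the `.apk.*` working name, the 255-byte limit and the planted-symlink scenario are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_ENTRY_NAME 255 /* assumed limit for this sketch, not apk's value */
/* FNV-1a (assumed choice): the working name is derived from the entry name, never equal to it. */
static uint32_t name_hash(const char *s) {
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Returns a write fd for a fresh temp file in dirfd, or -1 with errno set. */
int open_tmp_for_entry(int dirfd, const char *entry, char *tmp, size_t len) {
    size_t n = strnlen(entry, MAX_ENTRY_NAME + 1);
    if (n == 0 || len < 14) { errno = EINVAL; return -1; }
    if (n > MAX_ENTRY_NAME) { errno = ENAMETOOLONG; return -1; }
    snprintf(tmp, len, ".apk.%08x", (unsigned)name_hash(entry));
    /* Drop whatever already sits at the working name (stale file, planted symlink). */
    if (unlinkat(dirfd, tmp, 0) < 0 && errno != ENOENT) return -1;
    /* O_EXCL: fail with EEXIST rather than reuse or follow anything recreated in between. */
    return openat(dirfd, tmp, O_CREAT | O_EXCL | O_WRONLY, 0600);
}

/* Constructed scenario: a symlink is planted at the working name before extraction.
 * Returns 0 when the write lands in a new regular file and "victim" is never created. */
int demo_planted_symlink(void) {
    char dir[] = "/tmp/apkdemoXXXXXX", tmp[32];
    struct stat st;
    int dfd = mkdtemp(dir) ? open(dir, O_RDONLY | O_DIRECTORY) : -1;
    if (dfd < 0) return -1;
    snprintf(tmp, sizeof tmp, ".apk.%08x", (unsigned)name_hash("usr/bin/tool"));
    if (symlinkat("victim", dfd, tmp) < 0) return -1;
    int fd = open_tmp_for_entry(dfd, "usr/bin/tool", tmp, sizeof tmp);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    int ok = fstatat(dfd, tmp, &st, AT_SYMLINK_NOFOLLOW) == 0 && S_ISREG(st.st_mode)
          && fstatat(dfd, "victim", &st, 0) < 0 && errno == ENOENT;
    close(fd); unlinkat(dfd, tmp, 0); close(dfd); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo_planted_symlink(); }
```

Without the `unlinkat` call the `O_EXCL` open fails with `EEXIST` on the planted symlink; without `O_EXCL` the open follows it and creates `victim`.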