main/tar/tar-extract-pathname-bypass-CVE-2016-6321.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

--- a/lib/paxnames.c
+++ b/lib/paxnames.c
@@ -18,6 +18,7 @@
 #include <system.h>
 #include <hash.h>
 #include <paxlib.h>
+#include <quotearg.h>
 
 
 /* Hash tables of strings.  */
@@ -114,7 +115,15 @@
       for (p = file_name + prefix_len; *p; )
 	{
           if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
-	    prefix_len = p + 2 - file_name;
+            {
+	      static char const *const diagnostic[] =
+	      {
+		N_("%s: Member name contains '..'"),
+		N_("%s: Hard link target contains '..'")
+	      };
+	      FATAL_ERROR ((0, 0, _(diagnostic[link_target]),
+	                    quotearg_colon (file_name)));
+	    }
 
 	  do
 	    {