[pacman-dev] [PATCH] be_package: validate package file paths
Allan McRae
allan at archlinux.org
Tue Nov 3 11:56:50 UTC 2015
On 03/11/15 04:04, Andrew Gregory wrote:
> Overly long paths cannot be extracted and paths with
> newlines cannot be represented in our database format.
>
> Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
> ---
> lib/libalpm/be_package.c | 15 ++++++++++++---
> test/pacman/tests/TESTS | 3 +++
> test/pacman/tests/filename-basename-too-long.py | 15 +++++++++++++++
> test/pacman/tests/filename-path-too-long.py | 20 ++++++++++++++++++++
> test/pacman/tests/filename-with-newline.py | 11 +++++++++++
> 5 files changed, 61 insertions(+), 3 deletions(-)
> create mode 100644 test/pacman/tests/filename-basename-too-long.py
> create mode 100644 test/pacman/tests/filename-path-too-long.py
> create mode 100644 test/pacman/tests/filename-with-newline.py
>
> diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
> index 53399a3..52db319 100644
> --- a/lib/libalpm/be_package.c
> +++ b/lib/libalpm/be_package.c
> @@ -18,6 +18,7 @@
> * along with this program. If not, see <http://www.gnu.org/licenses/>.
> */
>
> +#include <limits.h>
> #include <stdlib.h>
> #include <string.h>
> #include <errno.h>
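Review bot: The new #include <limits.h> is relied on for PATH_MAX and NAME_MAX in the next hunk, but POSIX allows an implementation to leave either macro undefined when the limit is indeterminate, so the build would fail on such a platform. Consider an #ifndef fallback for both macros, or a note in the commit message that they are assumed to be defined.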
> @@ -390,7 +391,17 @@ static int add_entry_to_files_list(alpm_filelist_t *filelist,
> const size_t files_count = filelist->count;
> alpm_file_t *current_file;
> mode_t type;
> - size_t pathlen;
> + size_t pathlen = strlen(path);
> +
> + /* +2 to leave space for prepending minimal possible root and appending
> + * trailing slash if a directory */
> + if(pathlen + 2 >= PATH_MAX || strlen(mbasename(path)) >= NAME_MAX) {
> + return -1;
> + }
> + /* our database format cannot represent paths with newlines */
> + if(memchr(path, '\n', pathlen)) {
> + return -1;
> + }
>
Are these worthy of debug messages?
> if(!_alpm_greedy_grow((void **)&filelist->files,
> files_size, (files_count + 1) * sizeof(alpm_file_t))) {
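Review bot: In the length check, strlen(mbasename(path)) >= NAME_MAX rejects a basename of exactly NAME_MAX bytes, which is a legal file name: POSIX defines NAME_MAX as excluding the terminating null, while PATH_MAX includes it, so the two limits need different comparisons. Suggest > NAME_MAX for the basename and keeping >= for the pathlen + 2 test. Both new checks also return a bare -1 without saying which path or which limit triggered the rejection, so a debug message at each return would make a refused package diagnosable.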
> @@ -399,8 +410,6 @@ static int add_entry_to_files_list(alpm_filelist_t *filelist,
>
> type = archive_entry_filetype(entry);
>
> - pathlen = strlen(path);
> -
> current_file = filelist->files + files_count;
>
> /* mtree paths don't contain a tailing slash, those we get from