diff options
author | Simon Gomizelj <simongmzlj@gmail.com> | 2013-05-22 06:43:11 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2013-06-04 05:45:12 +0200 |
commit | dd62fde53ec00f1b08d312951b919e15050efe86 (patch) | |
tree | f0e2376a933734276a74b7445687bfba724aef08 /lib/libalpm/.gitignore | |
parent | fe794ccb25d3ab1f7c07331b437b61c30c08a018 (diff) | |
download | pacman-dd62fde53ec00f1b08d312951b919e15050efe86.tar.gz pacman-dd62fde53ec00f1b08d312951b919e15050efe86.tar.xz |
validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.
A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.
Add the following validation:
- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm/.gitignore')
0 files changed, 0 insertions, 0 deletions