[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] prefix field cann't trusted as part of path

From: Thomas Graf
Subject: [Bug-tar] prefix field cann't trusted as part of path
Date: Sun, 15 May 2011 11:39:13 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv: Gecko/20110221 SUSE/3.1.8 Thunderbird/3.1.8


Ustar-format: Under the condition the name field is blank und prefix field is used, you should check the filetype flag or name field. With other words spoken: you should not trust, that the given filename in prefix can be used as a part of path. So take care when appending a slash. The follwoing script shows it:

# look at the output of tar command
touch a.txt
tar -Hustar -cf a.tar a.txt
cp a.tar b.tar
# copy name field to prefix field
dd if=a.tar bs=100 count=1 2>&- | dd of=b.tar conv=notrunc seek=345 bs=1 2>&-
# wipe out name field
dd if=/dev/zero of=b.tar bs=100 count=1 conv=notrunc 2>&-
tar -tvvf a.tar
tar -tvvf b.tar

Suggestion to fix it: see attachment: basically it's one line.

I give you the permission to add the patch and the above shell code to the gnu tar project.


Attachment: tar-1.26-p1-prefix-without-slash.patch.gz
Description: application/gunzip

reply via email to

[Prev in Thread] Current Thread [Next in Thread]