This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Re: Directory traversal in `ar`
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Sun, 28 Dec 2014 12:54:42 +0100
- Subject: Re: Directory traversal in `ar`
On Sun, Dec 28, 2014 at 02:46:15AM +0300, Alexander Cherepanov wrote:
> There is a directory traversal in `ar`:
>
> # printf '!<arch>\n%-48s%-10s`\n//file/\n%-48s%-10s`\n' // 8 /1 0 > test.a
> # ar -xv test.a
> x - /file
>
> Patch attached.
Thanks, but I think we need a bit more background.
Unfortunately the ar archive format and long names format are not very
well documented. And there seem to be various different formats.
What our implementation follows is what I believe is the sysv format,
which terminates long names with a '/' and LF. So the current
implementation searches for a '/' and then creates a terminated (NUL)
string, and skips the LF (we don't actually check there is a LF).
You do terminate the string at a '/' but then start searching for the
next long name at the LF (which in your example isn't there).
So if I understand correctly we would still not support directories
in ar files. But maybe that is not the point of your patch?
Is your example something that is actually produced by another ar
implementation? Or is it an example of a bad long file name that
we don't handle properly?
Thanks,
Mark
BTW. For patches we require people to follow the guidelines in the
CONTRIBUTING file (in particular we require a Signed-off-by line):
https://git.fedorahosted.org/cgit/elfutils.git/tree/CONTRIBUTING