[SCM] Debian package checker branch, master, updated. 2.3.4-33-g4d7501e
The following commit has been merged in the master branch:
commit 8b57d51d295cf02c453b80e6d4a478889443dfcb
Author: Adam D. Barratt <adam@adam-barratt.org.uk>
Date: Tue Mar 23 18:49:15 2010 +0000
Fix further instances of CVE 2009-4013, missing control file sanitation
diff --git a/lib/Lintian/Collect/Changes.pm b/lib/Lintian/Collect/Changes.pm
index 85b146a..f0e1cfe 100755
--- a/lib/Lintian/Collect/Changes.pm
+++ b/lib/Lintian/Collect/Changes.pm
@@ -49,6 +49,8 @@ sub files {
next if $_ eq '';
my ($md5sum,$size,$section,$priority,$file) = split(/\s+/o, $_);
+ next if $file =~ m,/,;
+
$files{$file}{checksums}{md5} = {
'sum' => $md5sum, 'filesize' => $size,
};
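Review bot: The added `next if $file =~ m,/,;` drops an entry whose name contains a slash silently, so a .changes file carrying such a name parses as if the entry were absent; a short comment saying why it is skipped, e.g. `# skip names with a directory separator (CVE-2009-4013): never valid in Files/Checksums-*`, would stop a later maintainer from "fixing" the gap, and recording the rejected name somewhere a check can report it would make the malformed input observable. If the line has fewer than five fields, `$file` is undef and the match warns under `use warnings`; `next if !defined $file || $file =~ m,/,;` avoids that. The same line is added again in the second hunk of this file (the Checksums-* loop) and the same remarks apply there. Both hunks are inside `files`, which starts before and ends after them.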
@@ -66,6 +68,8 @@ sub files {
next if $_ eq '';
my ($checksum, $size, $file) = split(/\s+/o, $_);
+ next if $file =~ m,/,;
+
$files{$file}{checksums}{$alg} = {
'sum' => $checksum, 'filesize' => $size
};
diff --git a/lib/Lintian/Schedule.pm b/lib/Lintian/Schedule.pm
index 2ebdece..ad82df3 100644
--- a/lib/Lintian/Schedule.pm
+++ b/lib/Lintian/Schedule.pm
@@ -131,6 +131,8 @@ sub add_changes {
my ($md5sum,$size,$section,$priority,$file) = split(/\s+/o, $_);
+ next if $file =~ m,/,;
+
if (not -f "$arg_dir/$file") {
warning("$file does not exist, exiting");
exit 2;
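Review bot: This is the third copy of `next if $file =~ m,/,;` (the other two are in Lintian::Collect::Changes), and three hand-maintained copies will drift if the rule is ever tightened; a single shared predicate, or one anchored allowlist regex for the characters a .changes file name may contain, would keep them consistent. Here `$file` is then interpolated into `"$arg_dir/$file"`, and a bare `.` or `..` passes the slash check but fails the `-f` test and exits, which looks acceptable but deserves a comment such as `# names with a directory separator are never valid here (CVE-2009-4013)`. `add_changes` starts before and ends after this hunk.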
diff --git a/unpack/unpack-changes-l1 b/unpack/unpack-changes-l1
index c536e12..7d777bc 100755
--- a/unpack/unpack-changes-l1
+++ b/unpack/unpack-changes-l1
@@ -48,10 +48,13 @@ mkdir("$base_dir/fields", 0777) or fail("mkdir $base_dir/fields: $!");
# create control field files
for my $field (keys %$data) {
+ my $value = $data->{$field};
+ # avoid path traversal if $field contains slashes
+ $field =~ s,/,:,g;
my $field_file = "$base_dir/fields/$field";
open(F, '>', $field_file)
or fail("cannot open file $field_file for writing: $!");
- print F $data->{$field},"\n";
+ print F $value,"\n";
close(F);
}
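Review bot: Rewriting `/` to `:` in `$field` means two field names that differ only in that character (say `a/b` and `a:b`) map to the same `$field_file`, so the second silently overwrites the first, and the name on disk no longer matches the key in `%$data`; warning on, or rejecting, a field name that contains `/` would make the malformed input visible instead of normalising it away. Since `keys %$data` returns copies, the `s,/,:,g` does not touch the hash, which is exactly why `$value` has to be captured before the substitution — the comment should say so, e.g. `# copy the value first: $field is rewritten below and no longer indexes %$data`. The bareword handle `F` and the unchecked `close(F)` predate this change but would be the next thing to tidy in this loop.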