[SCM] Debian package checker branch, squeeze, updated. 2.4.3-16-gddd5248
The following commit has been merged in the squeeze branch:
commit 608d93666fc5c4d15b2affcb17097001e10694fe
Author: Niels Thykier <niels@thykier.net>
Date: Fri Apr 5 10:15:25 2013 +0200
coll/*: Fix traversal via symlink in multiple collections
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/collection/copyright-file b/collection/copyright-file
index 04425dd..69f4156 100755
--- a/collection/copyright-file
+++ b/collection/copyright-file
@@ -36,10 +36,22 @@ unlink("copyright");
my $file1 = "unpacked/usr/share/doc/$pkg/copyright";
my $file2 = "unpacked/usr/doc/$pkg/copyright";
+my $docdir = 'usr/share/doc';
my $file;
if (-f $file1 ) { $file = $file1; }
-else { $file = $file2; }
+else {
+ $file = $file2;
+ $docdir = 'usr/doc';
+}
+
+if (-d "unpacked/$docdir/$pkg"
+ && !is_ancestor_of("unpacked", "unpacked/$docdir/$pkg")) {
+ # if the parent dir is outside the package, just stop here before we
+ # do something we will regret.
+ touch_file("copyright");
+ return;
+}
# If copyright was a symlink, we need to make a copy of it. Just hardlinking
# to the symlink may leave a relative symlink into a directory we can't
diff --git a/collection/doc-base-files b/collection/doc-base-files
index 3160286..ce57e04 100755
--- a/collection/doc-base-files
+++ b/collection/doc-base-files
@@ -37,6 +37,11 @@ if (-e "doc-base") {
}
if (-d "unpacked/usr/share/doc-base") {
+ if (!is_ancestor_of("unpacked", "unpacked/usr/share/doc-base")) {
+ # Unsafe
+ mkdir ("doc-base", 0777) or fail "cannot mkdir doc-base: $!";
+ return;
+ }
copy_dir('unpacked/usr/share/doc-base', 'doc-base')
or fail("cannot copy directory unpacked/usr/share/doc-base");
} else {
diff --git a/collection/init.d b/collection/init.d
index 16f7cf9..6c1204c 100755
--- a/collection/init.d
+++ b/collection/init.d
@@ -36,6 +36,11 @@ if (-e "init.d") {
}
if (-d "unpacked/etc/init.d") {
+ if (!is_ancestor_of("unpacked", "unpacked/etc/init.d")) {
+ # Unsafe, stop
+ mkdir ("init.d", 0777) or fail "cannot mkdir init.d: $!";
+ return;
+ }
copy_dir('unpacked/etc/init.d', 'init.d')
or fail("cannot copy init.d directory");
} else {
diff --git a/collection/menu-files b/collection/menu-files
index d48aa4a..a357c9b 100755
--- a/collection/menu-files
+++ b/collection/menu-files
@@ -44,6 +44,11 @@ $dirs{'methods'} = 'etc/menu-methods';
while (my ($shortn, $path) = each %dirs) {
if (-d "unpacked/$path") {
+ if (!is_ancestor_of("unpacked", "unpacked/$path")) {
+ # Unsafe, skip
+ mkdir ("menu/$shortn", 0777) or fail ("cannot mkdir menu/$shortn: $!");
+ next;
+ }
copy_dir("unpacked/$path", "menu/$shortn")
or fail("cannot copy unpacked/$path/ directory");
} else {
diff --git a/collection/override-file b/collection/override-file
index 812fee4..3cbd2fa 100755
--- a/collection/override-file
+++ b/collection/override-file
@@ -50,6 +50,11 @@ for my $override (@overrides) {
}
}
+if (defined $file and !is_ancestor_of("unpacked", $file)) {
+ # unsafe, pretend we didn't see it.
+ undef $file;
+}
+
if (not defined $file) {
# no override found
} elsif ($file =~ /\.gz$/) {
diff --git a/debian/changelog b/debian/changelog
index 9d98f1a..42eaa23 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,8 @@ lintian (2.4.3+squeeze2) stable; urgency=low
+ [NT] Fix path traversal issue that could leak information
about the host system.
+ * collection/*:
+ + [NT] Avoid reading files outside the package root.
* collection/{changelog-file,debian-readme}:
+ [NT] Ignore files in usr/doc/<pkg>.
+ [NT] Skip collection if usr/share/doc/<pkg> is not contained
--
Debian package checker
Reply to: