fix potential directory traversal in cvd unpacker

git-svn: trunk@1614
20 years ago · 4fac726f7a
parent 9942b87610
commit 4fac726f7a
2 changed files with 15 additions and 2 deletions
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@ -1,3 +1,9 @@
+Mon Jun 13 11:49:04 CEST 2005 (tk)
+----------------------------------
+  * libclamav/cvd.c: fix potential directory traversal in cvd unpacker (a low
+		     risk problem since all databases are digitally signed).
+		     Pointed out by Florian Weimer <fw*deneb.enyo.de>
+
 Sun Jun 12 11:24:59 CEST 2005 (tk)
 ----------------------------------
  * clamscan: improve output handling
--- a/clamav-devel/libclamav/cvd.c
+++ b/clamav-devel/libclamav/cvd.c
@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2003 - 2004 Tomasz Kojm <tkojm@clamav.net>
+ *  Copyright (C) 2003 - 2005 Tomasz Kojm <tkojm@clamav.net>
 *
 *  untgz() is based on public domain minitar utility by Charles G. Waldman
 *
@ -54,7 +54,6 @@ int cli_untgz(int fd, const char *destdir)
 	return -1;
    }

-
    fullname = (char *) calloc(sizeof(char), strlen(destdir) + 100 + 5);

    while(1) {
@ -77,6 +76,14 @@ int cli_untgz(int fd, const char *destdir)

 	    strncpy(name, block, 100);
 	    name[100] = '\0';
+
+	    if(strchr(name, '/')) {
+		cli_errmsg("Slash separators are not allowed in CVD.\n");
+		free(fullname);
+	        gzclose(infile);
+		return -1;
+	    }
+
 	    strcpy(fullname, destdir);
 	    strcat(fullname, "/");
 	    strcat(fullname, name);