mirror of
https://git.yoctoproject.org/poky
synced 2026-06-01 00:59:48 +00:00
perl: CVE-2018-12015
Remove existing files before overwriting them Archive should extract only the latest same-named entry. Extracted regular file should not be writtent into existing block device (or any other one). https://rt.cpan.org/Ticket/Display.html?id=125523 Affects perl <= 5.26.2 (From OE-Core rev: ca005cd857f8e79b135c43526d5b792478a07eb3) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jagadeesh Krishnanjanappa
committed by
Richard Purdie
Richard Purdie
parent
4f6ff3e60c
commit
90cb0ee1c2
@@ -0,0 +1,48 @@
|
|||||||
|
From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||||
|
Date: Fri, 8 Jun 2018 11:45:40 +0100
|
||||||
|
Subject: [PATCH] [PATCH] Remove existing files before overwriting them
|
||||||
|
|
||||||
|
Archive should extract only the latest same-named entry.
|
||||||
|
Extracted regular file should not be writtent into existing block
|
||||||
|
device (or any other one).
|
||||||
|
|
||||||
|
https://rt.cpan.org/Ticket/Display.html?id=125523
|
||||||
|
|
||||||
|
CVE: CVE-2018-12015
|
||||||
|
Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5]
|
||||||
|
|
||||||
|
Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
|
||||||
|
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
|
||||||
|
---
|
||||||
|
lib/Archive/Tar.pm | 14 ++++++++++++++
|
||||||
|
1 file changed, 14 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
|
||||||
|
index 6244369..a83975f 100644
|
||||||
|
--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
|
||||||
|
+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
|
||||||
|
@@ -845,6 +845,20 @@ sub _extract_file {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ ### If a file system already contains a block device with the same name as
|
||||||
|
+ ### the being extracted regular file, we would write the file's content
|
||||||
|
+ ### to the block device. So remove the existing file (block device) now.
|
||||||
|
+ ### If an archive contains multiple same-named entries, the last one
|
||||||
|
+ ### should replace the previous ones. So remove the old file now.
|
||||||
|
+ ### If the old entry is a symlink to a file outside of the CWD, the new
|
||||||
|
+ ### entry would create a file there. This is CVE-2018-12015
|
||||||
|
+ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
|
||||||
|
+ if (-l $full || -e _) {
|
||||||
|
+ if (!unlink $full) {
|
||||||
|
+ $self->_error( qq[Could not remove old file '$full': $!] );
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
if( length $entry->type && $entry->is_file ) {
|
||||||
|
my $fh = IO::File->new;
|
||||||
|
$fh->open( '>' . $full ) or (
|
||||||
|
--
|
||||||
|
2.13.3
|
||||||
|
|
||||||
@@ -70,6 +70,7 @@ SRC_URI += " \
|
|||||||
file://CVE-2018-6798-2.patch \
|
file://CVE-2018-6798-2.patch \
|
||||||
file://CVE-2018-6797.patch \
|
file://CVE-2018-6797.patch \
|
||||||
file://CVE-2018-6913.patch \
|
file://CVE-2018-6913.patch \
|
||||||
|
file://CVE-2018-12015.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
# Fix test case issues
|
# Fix test case issues
|
||||||
|
|||||||
Reference in New Issue
Block a user