• Timo Teräs's avatar
    rework unpacking of packages and harden package file format requirements · 6484ed98
    Timo Teräs authored
    A crafted .apk file could to trick apk writing unverified data to
    an unexpected file during temporary file creation due to bugs in handling
    long link target name and the way a regular file is extracted.
    
    Several hardening steps are implemented to avoid this:
     - the temporary file is now always first unlinked (apk thus reserved
       all filenames .apk.* to be it's working files)
     - the temporary file is after that created with O_EXCL to avoid races
     - the temporary file is no longer directly the archive entry name
       and thus directly controlled by potentially untrusted data
     - long file names and link target names are now rejected
     - hard link targets are now more rigorously checked
     - various additional checks added for the extraction process to
       error out early in case of malformed (or old legacy) file
    Reported-by: 's avatarMax Justicz <max@justi.cz>
    6484ed98
Name
Last commit
Last update
libfetch Loading commit data...
src Loading commit data...
test Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
.travis.yml Loading commit data...
AUTHORS Loading commit data...
Make.rules Loading commit data...
Makefile Loading commit data...
NEWS Loading commit data...
README Loading commit data...