objcopy: directory traversal

cherepan at mccme dot ru Tue, 04 Nov 2014 14:15:07 -0800

https://sourceware.org/bugzilla/show_bug.cgi?id=17552


            Bug ID: 17552
           Summary: strip/objcopy: directory traversal
           Product: binutils
           Version: 2.26 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: cherepan at mccme dot ru

strip and objcopy don't filter out .. components from paths inside archive.

Consider an archive created with the following command:

$ printf '!<arch>\n%-48s%-10d`\n../file\n%-48s%-10s`\n' '//' 8 '/0' 0 > test.a

then runnig strip/objcopy on it will unlink ./file (e.g.
unlink("stq0g2tL/../st4Mtgu4/../file") ).

Consider this:

$ printf '!<arch>\n%-48s%-10d`\n../../file\n\n%-48s%-10s`\n' '//' 12 '/0' 0 >
test.a

then runnig strip/objcopy on it will unlink ../../file (e.g.
unlink("staOxyFW/../../st4KIqLm/../../file") ).

See also https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c4 .

-- 
You are receiving this mail because:
You are on the CC list for the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/17552] New: strip/objcopy: directory traversal

Reply via email to