diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2015-10-22 16:37:01 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2015-10-22 16:37:01 +0200 |
commit | a96074874857b31361d02ead97a1152164568918 (patch) | |
tree | 99a7c0af22fa222f1f944da702e4350f65b37a01 /testsuite | |
parent | accd9eeb719916da974584b33b1aeced5f3bb346 (diff) |
tar: add a test that we don't write into symlinks
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'testsuite')
-rwxr-xr-x | testsuite/tar.tests | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/testsuite/tar.tests b/testsuite/tar.tests index 383a4646c..890a73dd5 100755 --- a/testsuite/tar.tests +++ b/testsuite/tar.tests @@ -256,6 +256,49 @@ Ok "" "" SKIP= +# attack.tar.bz2 has symlink pointing to a system file +# followed by a regular file with the same name +# containing "root::0:0::/root:/bin/sh": +# lrwxrwxrwx root/root passwd -> /tmp/passwd +# -rw-r--r-- root/root passwd +# naive tar implementation may end up creating the symlink +# and then writing into it. +# The correct implementation unlinks target before +# creating the second file. +# We test that /tmp/passwd remains empty: +optional UUDECODE FEATURE_SEAMLESS_BZ2 +testing "tar does not extract into symlinks" "\ +>>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$? +" "\ +0 +" \ +"" "\ +begin-base64 644 attack.tar.bz2 +QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0 +po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL +DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4 +l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= +==== +" +SKIP= +# And same with -k +optional UUDECODE FEATURE_SEAMLESS_BZ2 +testing "tar -k does not extract into symlinks" "\ +>>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$? +" "\ +tar: can't open 'passwd': File exists +0 +" \ +"" "\ +begin-base64 644 attack.tar.bz2 +QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0 +po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL +DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4 +l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= +==== +" +SKIP= + cd .. && rm -rf tar.tempdir || exit 1 |