[Bug 8411] Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

bugzilla at busybox.net bugzilla at busybox.net
Tue Nov 10 00:58:19 UTC 2015


https://bugs.busybox.net/show_bug.cgi?id=8411

--- Comment #12 from Tyler Hicks <tyhicks at canonical.com> 2015-11-10 00:58:19 UTC ---
Created attachment 6216
  --> https://bugs.busybox.net/attachment.cgi?id=6216
Tar file containing two files (abs and rel) encoded as hardlinks of /tmp/foo

Here's a tar file that includes two files, abs and rel, that are encoded in
such a way as to match busybox libarchive's encoding of hardlinks (which seems
to differ from what GNU tar uses).

Busybox tar will extract the two files and create them as hardlinks of
/tmp/foo.

$ rm -f /tmp/foo
$ touch /tmp/foo
$ stat -c %h /tmp/foo
1
$ busybox tar -xvf hardlink.tar
abs
rel
$ stat -c %h /tmp/foo # should print "1"
3

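
A pre-extraction check for the condition shown in the comment above, as an added example that is not part of the original comment or of BusyBox: it lists link members whose target is absolute or climbs out of the extraction directory. The sample archive is constructed in memory with Python's standard ustar hardlink encoding (not the encoding used in the attachment), and the relative target `../../tmp/foo` is an assumption.

```python
import io
import posixpath
import tarfile


def escaping_links(fileobj):
    """Return (name, kind, target) for link members that point outside the archive root."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():  # reads headers only, extracts nothing
            if not (m.islnk() or m.issym()):
                continue
            kind = "hardlink" if m.islnk() else "symlink"
            # Hard link targets are resolved from the extraction root,
            # symlink targets from the directory that holds the link.
            base = "" if m.islnk() else posixpath.dirname(m.name)
            resolved = posixpath.normpath(posixpath.join(base, m.linkname))
            if (posixpath.isabs(m.linkname) or resolved == ".."
                    or resolved.startswith("../")):
                findings.append((m.name, kind, m.linkname))
    return findings


def build_sample():
    """Constructed sample: 'abs' and 'rel' as hard links, plus a benign in-archive link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        payload = b"hello\n"
        reg = tarfile.TarInfo("data.txt")
        reg.size = len(payload)
        tar.addfile(reg, io.BytesIO(payload))
        for name, target in (("abs", "/tmp/foo"),
                             ("rel", "../../tmp/foo"),  # assumed relative form
                             ("copy.txt", "data.txt")):
            link = tarfile.TarInfo(name)
            link.type = tarfile.LNKTYPE
            link.linkname = target
            tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, kind, target in escaping_links(build_sample()):
        print(f"reject {kind} {name!r} -> {target!r}")
```

An extractor that refuses every member reported here never reaches the link-creation step, so the link count of a file outside the extraction directory stays unchanged.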