x/busybox
1
0
Fork 0
mirror of https://git.busybox.net/busybox synced 2026-01-25 23:57:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
busybox/scripts
History
Denys Vlasenko 9a8796436b archival: disallow path traversals (CVE-2023-39810) 
Create new configure option for archival/libarchive based extractions to
disallow path traversals.
As this is a paranoid option and might introduce backward
incompatibility, default it to no.

Fixes: CVE-2023-39810

Based on the patch by Peter Kaestle <peter.kaestle@nokia.com>

function                                             old     new   delta
data_extract_all                                     921     945     +24
strip_unsafe_prefix                                  101     102      +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2025-04-16 03:03:17 +02:00
..
basic fixdep: add fstat error handling 2024-09-27 20:03:30 +02:00
kconfig archival: disallow path traversals (CVE-2023-39810) 2025-04-16 03:03:17 +02:00
bb_release build system: detect if build host has no bzip2 2022-01-04 14:32:41 +01:00
bloat-o-meter bloat-o-meter: avoid double counting 2021-03-09 17:25:07 +01:00
checkhelp.awk
checkstack.pl checkstack.pl: tweak bfin re 2019-01-18 09:56:19 +01:00
cleanup_printf2puts typo fix 2010-11-06 22:17:30 +01:00
echo.c scripts/echo.c: fix NUL handling in "abc\0 def" 2021-12-28 21:05:59 +01:00
embedded_scripts build system: detect if build host has no bzip2 2022-01-04 14:32:41 +01:00
find_bad_common_bufsiz
find_stray_common_vars
find_stray_empty_lines find_stray_empty_lines: make it work 2010-07-28 21:29:19 +02:00
fix_ws.sh
gcc-version.sh gcc-version.sh: fix for "invalid number" message during Android NDK builds 2021-04-22 09:21:39 +02:00
gen_build_files.sh gen_build_files: Use C locale when calling sed on globbed files 2021-06-05 17:36:19 +02:00
generate_BUFSIZ.sh build system: make CONFIG_FEATURE_USE_BSS_TAIL less funky 2016-06-29 15:00:52 +02:00
Kbuild.include build system: remove KBUILD_STR() 2020-04-29 14:52:19 +02:00
Kbuild.src
Makefile.build build system: specify '-nostldlib' when linking to .o files 2014-04-02 12:12:46 +02:00
Makefile.clean
Makefile.host *: trailing empty lines removed 2010-07-26 01:49:12 +02:00
Makefile.IMA build system: remove KBUILD_STR() 2020-04-29 14:52:19 +02:00
Makefile.lib kbuild: fix building sha256 2022-04-21 13:37:10 +02:00
memusage
mkconfigs build system: detect if build host has no bzip2 2022-01-04 14:32:41 +01:00
mkdiff_obj scripts/mkdiff_obj: show "size OBJFILE" too 2010-10-29 19:06:20 +02:00
mkdiff_obj_bloat
mkmakefile mkmakefile: make 3.82 fix 2010-10-19 12:49:51 +02:00
objsizes
randomtest *: remove remains of FEATURE_TOUCH_NODEREF 2021-08-15 20:50:13 +02:00
randomtest.loop scripts/randomtest.loop: let user know about SKIP_MOUNT_MAND_TESTS 2021-08-16 20:03:07 +02:00
sample_pmap
showasm *: make GNU licensing statement forms more regular 2010-08-16 20:14:46 +02:00
test_make_clean
test_make_O fix make O=dir build 2010-07-09 01:25:36 +02:00
test_setenv_leak.c crond: do not assume setenv() does not leak 2017-07-22 02:25:47 +02:00
trylink trylink: do not drop libs from CONFIG_EXTRA_LDLIBS 2021-02-23 23:09:49 +01:00