Diffstat (limited to 'archive/gzip/patches/gzip-1.3.5-gunzip-dir.patch')
-rw-r--r-- | archive/gzip/patches/gzip-1.3.5-gunzip-dir.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/archive/gzip/patches/gzip-1.3.5-gunzip-dir.patch b/archive/gzip/patches/gzip-1.3.5-gunzip-dir.patch
new file mode 100644
index 0000000000..5f0e4ab08a
--- /dev/null
+++ b/archive/gzip/patches/gzip-1.3.5-gunzip-dir.patch
@@ -0,0 +1,17 @@
+Fix a bug reported by Ulf Harnhammar (patch by him too):
+gzip: dir traversal bug when using "gunzip -N"
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255
+http://bugs.gentoo.org/show_bug.cgi?id=89946
+
+--- gzip-1.3.5/gzip.c
++++ gzip-1.3.5/gzip.c
+@@ -1344,6 +1344,8 @@
+ error("corrupted input -- file name too large");
+ }
+ }
++ char *base2 = base_name (base); /* strip any paths that may exists */
++ strcpy(base, base2); /* in the output name */
+ /* If necessary, adapt the name to local OS conventions: */
+ if (!list) {
+ MAKE_LEGAL_NAME(base); |
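Review bot: The added `strcpy(base, base2)` in the embedded gzip.c hunk copies between overlapping regions, which is undefined behaviour. `base_name` presumably returns a pointer inside `base` (or `base` itself when the stored name has no directory part), so source and destination share one buffer. The copy should be `memmove(base, base2, strlen(base2) + 1);`, which is defined for overlap and keeps the traversal fix intact. The declaration `char *base2 = ...` also appears to follow statements in its block, which a strict C89 compiler rejects; declaring it at the top of the block avoids that. The enclosing function in gzip.c starts and ends outside the hunk, so the block layout should be confirmed against the full file.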