Fix directory traversal vulnerability.

PR: 115914 Submitted by: Nick Barkas <snb@threerings.net> Security: http://www.vuxml.org/freebsd/d944719e-42f4-4864-89ed-f045b541919f.html
author: Christian Weisgerber <naddy@FreeBSD.org> 2007-09-01 16:02:47 +0000
committer: Christian Weisgerber <naddy@FreeBSD.org> 2007-09-01 16:02:47 +0000
commit: 89a513d4c65a6909b3d155e39a9311347ec53ac8 (patch)
tree: 73ed25138c555727eb73d260b379aaa6e6323379 /archivers/gtar
parent: b2458b950ac8fbb12f1998b74945f1b81d424bbc (diff)
download: ports-89a513d4c65a6909b3d155e39a9311347ec53ac8.tar.gz
ports-89a513d4c65a6909b3d155e39a9311347ec53ac8.zip
2 files changed, 19 insertions, 0 deletions
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index a6ca3a1e58f8..a4950e31bc49 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	tar
 PORTVERSION=	1.18
+PORTREVISION=	1
 CATEGORIES=	archivers sysutils
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/archivers/gtar/files/patch-src_names.c b/archivers/gtar/files/patch-src_names.c
new file mode 100644
index 000000000000..a49b375cb9e3
--- /dev/null
+++ b/archivers/gtar/files/patch-src_names.c
@@ -0,0 +1,18 @@
+
+$FreeBSD$
+
+--- src/names.c.orig
++++ src/names.c
+@@ -1012,11 +1012,10 @@
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }
author	Christian Weisgerber <naddy@FreeBSD.org>	2007-09-01 16:02:47 +0000
committer	Christian Weisgerber <naddy@FreeBSD.org>	2007-09-01 16:02:47 +0000
commit	89a513d4c65a6909b3d155e39a9311347ec53ac8 (patch)
tree	73ed25138c555727eb73d260b379aaa6e6323379 /archivers/gtar
parent	b2458b950ac8fbb12f1998b74945f1b81d424bbc (diff)
download	ports-89a513d4c65a6909b3d155e39a9311347ec53ac8.tar.gz ports-89a513d4c65a6909b3d155e39a9311347ec53ac8.zip