ahp/busybox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
busybox/scripts/kconfig
History
Exact
Denys Vlasenko 9a8796436b archival: disallow path traversals (CVE-2023-39810) 
Create new configure option for archival/libarchive based extractions to
disallow path traversals.
As this is a paranoid option and might introduce backward
incompatibility, default it to no.

Fixes: CVE-2023-39810

Based on the patch by Peter Kaestle <peter.kaestle@nokia.com>

function                                             old     new   delta
data_extract_all                                     921     945     +24
strip_unsafe_prefix                                  101     102      +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2025-04-16 03:03:17 +02:00
..
lxdialog archival: disallow path traversals (CVE-2023-39810) 2025-04-16 03:03:17 +02:00
.gitignore add .gitignore files 2009-05-05 09:05:30 -04:00
check.sh *: trailing empty lines removed 2010-07-26 01:49:12 +02:00
conf.c fix "warning array subscript has type 'char'" 2021-04-14 19:12:43 +02:00
confdata.c build system: use SOURCE_DATE_EPOCH for timestamp if available 2021-06-05 18:13:00 +02:00
expr.c whitespace fixes 2007-05-30 00:29:55 +00:00
expr.h build system overhaul 2006-10-05 10:17:08 +00:00
gconf.c Remove 'busybox' word from configuration programs 2008-05-28 11:59:32 +00:00
gconf.glade build system overhaul 2006-10-05 10:17:08 +00:00
images.c build system overhaul 2006-10-05 10:17:08 +00:00
kconfig_load.c whitespace fixes 2007-05-30 00:29:55 +00:00
kxgettext.c build system overhaul 2006-10-05 10:17:08 +00:00
lex.zconf.c_shipped update _shipped file with hurd fix 2010-08-02 02:17:25 +02:00
lkc.h build system overhaul 2006-10-05 10:17:08 +00:00
lkc_proto.h build system overhaul 2006-10-05 10:17:08 +00:00
Makefile build system: fix make gconfig 2013-12-19 04:43:24 +01:00
mconf.c fix "warning array subscript has type 'char'" 2021-04-14 19:12:43 +02:00
menu.c *: trailing empty lines removed 2010-07-26 01:49:12 +02:00
POTFILES.in build system overhaul 2006-10-05 10:17:08 +00:00
qconf.cc Remove 'busybox' word from configuration programs 2008-05-28 11:59:32 +00:00
qconf.h build system overhaul 2006-10-05 10:17:08 +00:00
symbol.c build system overhaul 2006-10-05 10:17:08 +00:00
util.c fix if(p)/free(p) construct 2015-06-07 18:19:43 +02:00
zconf.gperf build system overhaul 2006-10-05 10:17:08 +00:00
zconf.hash.c_shipped randomconfig fixes 2016-06-19 18:15:33 +02:00
zconf.l Hurd compat fixes. Mostly dealing with absent PATH_MAX 2010-03-26 19:08:53 +01:00
zconf.tab.c_shipped *: trailing empty lines removed 2010-07-26 01:49:12 +02:00
zconf.y *: s/spaces/tabs/ 2010-07-26 12:47:36 +02:00