Fix directory traversal vulnerability.

PR: 115914 Submitted by: Nick Barkas <snb@threerings.net> Security: http://www.vuxml.org/freebsd/d944719e-42f4-4864-89ed-f045b541919f.html
author: naddy <naddy@FreeBSD.org> 2007-09-02 00:02:47 +0800
committer: naddy <naddy@FreeBSD.org> 2007-09-02 00:02:47 +0800
commit: 77d925d8d8ba6b841b075c91309614fba5e4b863 (patch)
tree: fa8a270b4f333fb5663056aa9259b239ef4c8370
parent: f4c8af9c56c926fa6d780dc6b93debf68aced7cb (diff)
download: freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.tar.gz
freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.tar.zst
freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.zip
2 files changed, 19 insertions, 0 deletions
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index a6ca3a1e58f8..a4950e31bc49 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	tar
 PORTVERSION=	1.18
+PORTREVISION=	1
 CATEGORIES=	archivers sysutils
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/archivers/gtar/files/patch-src_names.c b/archivers/gtar/files/patch-src_names.c
new file mode 100644
index 000000000000..a49b375cb9e3
--- /dev/null
+++ b/archivers/gtar/files/patch-src_names.c
@@ -0,0 +1,18 @@
+
+$FreeBSD$
+
+--- src/names.c.orig
++++ src/names.c
+@@ -1012,11 +1012,10 @@
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }
author	naddy <naddy@FreeBSD.org>	2007-09-02 00:02:47 +0800
committer	naddy <naddy@FreeBSD.org>	2007-09-02 00:02:47 +0800
commit	77d925d8d8ba6b841b075c91309614fba5e4b863 (patch)
tree	fa8a270b4f333fb5663056aa9259b239ef4c8370
parent	f4c8af9c56c926fa6d780dc6b93debf68aced7cb (diff)
download	freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.tar.gz freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.tar.zst freebsd-ports-gnome-77d925d8d8ba6b841b075c91309614fba5e4b863.zip