From: "Zac Medico" <zmedico@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/portage:master commit in: pym/portage/
Date: Sun, 12 Feb 2012 03:39:24 +0000 (UTC) [thread overview]
Message-ID: <b3cfb2065ccbeb8f769d630ff997c0327fb2eb35.zmedico@gentoo> (raw)
commit: b3cfb2065ccbeb8f769d630ff997c0327fb2eb35
Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 12 03:39:10 2012 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Sun Feb 12 03:39:10 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b3cfb206
xpak.unpackinfo: validate paths, bug #403149
---
pym/portage/xpak.py | 44 ++++++++++++++++++++------------------------
1 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/pym/portage/xpak.py b/pym/portage/xpak.py
index b507243..db2a2bc 100644
--- a/pym/portage/xpak.py
+++ b/pym/portage/xpak.py
@@ -1,4 +1,4 @@
-# Copyright 2001-2011 Gentoo Foundation
+# Copyright 2001-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
@@ -246,16 +246,9 @@ def getitem(myid,myitem):
return mydata[myloc[0]:myloc[0]+myloc[1]]
def xpand(myid,mydest):
+ mydest = normalize_path(mydest) + os.sep
myindex=myid[0]
mydata=myid[1]
- try:
- origdir=os.getcwd()
- except SystemExit as e:
- raise
- except:
- os.chdir("/")
- origdir="/"
- os.chdir(mydest)
myindexlen=len(myindex)
startpos=0
while ((startpos+8)<myindexlen):
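Review bot: The trailing `os.sep` appended to `mydest` is what stops the later `filename.startswith(mydest)` test from accepting a sibling directory that merely shares the prefix, and nothing on the added line says so. I would put a comment above it such as `# keep the trailing separator: the startswith() containment check below relies on it`, and repeat it on the identical line added in tbz2.unpackinfo. xpand also has no docstring in the visible lines; one sentence stating that entries resolving outside mydest are skipped would document the new contract. The body of xpand continues outside this hunk.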
@@ -263,16 +256,22 @@ def xpand(myid,mydest):
datapos=decodeint(myindex[startpos+4+namelen:startpos+8+namelen]);
datalen=decodeint(myindex[startpos+8+namelen:startpos+12+namelen]);
myname=myindex[startpos+4:startpos+4+namelen]
- dirname=os.path.dirname(myname)
+ myname = _unicode_decode(myname,
+ encoding=_encodings['repo.content'], errors='replace')
+ filename = os.path.join(mydest, myname.lstrip(os.sep))
+ filename = normalize_path(filename)
+ if not filename.startswith(mydest):
+ # myname contains invalid ../ component(s)
+ continue
+ dirname = os.path.dirname(filename)
if dirname:
if not os.path.exists(dirname):
os.makedirs(dirname)
- mydat = open(_unicode_encode(myname,
+ mydat = open(_unicode_encode(filename,
encoding=_encodings['fs'], errors='strict'), 'wb')
mydat.write(mydata[datapos:datapos+datalen])
mydat.close()
startpos=startpos+namelen+12
- os.chdir(origdir)
class tbz2(object):
def __init__(self,myfile):
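Review bot: The new `continue` for a rejected name returns to the `while` test without running `startpos=startpos+namelen+12`, the last statement of the loop body, so a single entry with a `../` name would make xpand loop forever instead of being skipped. Indentation is lost on this page, so this assumes the increment sits inside the loop, as the loop's termination requires. Advance the offset before skipping: `startpos = startpos + namelen + 12` followed by `continue`. The same pattern appears in the tbz2.unpackinfo hunk (`@@ -454,18 +446,22 @@`), where the archive handle `a` would additionally never reach `a.close()`.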
@@ -398,7 +397,7 @@ class tbz2(object):
self.datapos=a.tell()
a.close()
return 2
- except SystemExit as e:
+ except SystemExit:
raise
except:
return 0
@@ -434,18 +433,11 @@ class tbz2(object):
"""Unpacks all the files from the dataSegment into 'mydest'."""
if not self.scan():
return 0
- try:
- origdir=os.getcwd()
- except SystemExit as e:
- raise
- except:
- os.chdir("/")
- origdir="/"
+ mydest = normalize_path(mydest) + os.sep
a = open(_unicode_encode(self.file,
encoding=_encodings['fs'], errors='strict'), 'rb')
if not os.path.exists(mydest):
os.makedirs(mydest)
- os.chdir(mydest)
startpos=0
while ((startpos+8)<self.indexsize):
namelen=decodeint(self.index[startpos:startpos+4])
@@ -454,18 +446,22 @@ class tbz2(object):
myname=self.index[startpos+4:startpos+4+namelen]
myname = _unicode_decode(myname,
encoding=_encodings['repo.content'], errors='replace')
- dirname=os.path.dirname(myname)
+ filename = os.path.join(mydest, myname.lstrip(os.sep))
+ filename = normalize_path(filename)
+ if not filename.startswith(mydest):
+ # myname contains invalid ../ component(s)
+ continue
+ dirname = os.path.dirname(filename)
if dirname:
if not os.path.exists(dirname):
os.makedirs(dirname)
- mydat = open(_unicode_encode(myname,
+ mydat = open(_unicode_encode(filename,
encoding=_encodings['fs'], errors='strict'), 'wb')
a.seek(self.datapos+datapos)
mydat.write(a.read(datalen))
mydat.close()
startpos=startpos+namelen+12
a.close()
- os.chdir(origdir)
return 1
def get_data(self):
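Review bot: The containment test on `filename` appears to be purely lexical (this assumes normalize_path does not resolve symlinks, which the diff does not show), so a symlink that already exists under `mydest` would still let the `open(..., 'wb')` write outside the destination. If mydest can be a directory that other users or earlier unpack steps have populated, compare `os.path.realpath(dirname)` against `os.path.realpath(mydest)` after the `os.makedirs` call and before opening the file. Skipped entries are also dropped silently; a warning naming the rejected `myname` would help whoever investigates a tampered package.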