Fix to backups failing after Fix to CVE-2022-37705 runtar.c #204
- amgtar send '-' as a valid value for argument to --file
@@ -192,8 +192,9 @@ main( | |||
g_str_has_prefix(argv[i],"--exclude-from") || | |||
g_str_has_prefix(argv[i],"--files-from")) { |
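Review bot: the condition closing this hunk matches "--exclude-from" and "--files-from" with g_str_has_prefix, so the "--files-from=list" form, a bare "--files-from" followed by a separate value, and any longer option name beginning with those strings all enter the same branch. The branch body should tell the "=" form (one argv element) from the separated form (two elements) before it advances the counter. A comment here should also state that the element after a bare option is a value and may be "-".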
Hello, would this work?
```c
if (strchr(argv[i], '=')) {
    good_option++;
} else {
    /* Accept these options with the following argument */
    good_option += 2;
}
```
Hi,
Yeah, I agree that this is a more elegant solution; it would have been nice if this had been suggested before the code got merged. Maybe a PR along the lines of an enhancement to argument checking in runtar?
Well, there was not much time for review of the PR. I will send you a separate PR.
Sure, thanks for your input.
PR #206 against master branch (which does not have this fix yet, as your PR is for the 3_5 branch).
I can submit a PR against 3_5 as well.
Thanks for the PR. I don't think a separate PR would be necessary for 3_5, as we can pick the changes from master.
amgtar sends '-' as a valid value for the argument to --file, and this should be accounted for when validating arguments in runtar.c.
Fix was merged as part of this MR: Fixes Open Vulnerability CVE-2022-37705 #196
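The counting rule discussed in this thread, written out as an added example (not code from the Amanda project or from either PR). The function names are hypothetical, the allowlist holds only the three options named on this page, and `--unlisted` in the usage below is a constructed placeholder. Unlike the prefix match in the hunk, this sketch matches the option name exactly or followed by `=`, and treating a lone `-` outside a value position as rejected is this example's own policy.

```c
#include <stdio.h>
#include <string.h>

/* Value-taking options named on this page (assumed allowlist for the example). */
static const char *const value_opts[] = { "--file", "--exclude-from", "--files-from" };
#define N_VALUE_OPTS (sizeof value_opts / sizeof value_opts[0])

/* 2: bare "--opt", value is the next argv element; 1: "--opt=value"; 0: no match. */
static int value_opt_width(const char *arg)
{
    for (size_t k = 0; k < N_VALUE_OPTS; k++) {
        size_t n = strlen(value_opts[k]);
        if (strncmp(arg, value_opts[k], n) != 0)
            continue;
        if (arg[n] == '\0') return 2;
        if (arg[n] == '=')  return 1;
    }
    return 0;
}

/* Returns how many argv elements were accepted, or -1 at the first element
 * that is neither an allowlisted option, its value, nor a plain operand. */
int count_good_args(int argc, char **argv)
{
    int good = 0;
    for (int i = 0; i < argc; ) {
        int w = value_opt_width(argv[i]);
        if (w == 2) {
            if (i + 1 >= argc)
                return -1;          /* bare option with no value after it */
            /* argv[i+1] is data and is skipped as such, even when it is "-" */
        } else if (w == 0) {
            if (argv[i][0] == '-')
                return -1;          /* option that is not on the allowlist */
            w = 1;                  /* plain operand */
        }
        good += w;                  /* "=" form counts one element, not two */
        i += w;
    }
    return good;
}

int main(void)
{
    char *sample[] = { "--file", "-", "--files-from=/tmp/list", "." }; /* constructed */
    printf("%d\n", count_good_args(4, sample));
    return 0;
}
```

Because the `=` form advances by one element only, whatever follows `--file=-` is still checked against the allowlist instead of being skipped as if it were a value.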