Fix to backups failing after Fix to CVE-2022-37705 runtar.c #204
Conversation
- amgtar send '-' as a valid value for argument to --file
prajwaltr93
changed the title
amandaTrusted
changed the title
| @@ -192,8 +192,9 @@ main( | |||
| g_str_has_prefix(argv[i],"--exclude-from") || | |||
| g_str_has_prefix(argv[i],"--files-from")) { | |||
There was a problem hiding this comment.
Hello, would this work?
if (strchr(argv[i], '=')) {
good_option++;
} else {
/* Accept theses options with the following argument */
good_option += 2;
}There was a problem hiding this comment.
Hi,
yeah, i agree that this is a more elegant solution, would have been nice if this was suggested before code got merged. maybe a PR in lines of enhancement to argument checking in runtar ?
There was a problem hiding this comment.
Well there was not much time for review of the PR. I will send you a separate PR.
There was a problem hiding this comment.
Sure, Thanks for your inputs.
There was a problem hiding this comment.
PR #206 against master branch (which does not have this fix yet, as your PR is for the 3_5 branch).
I can submit a PR against 3_5 as well.
There was a problem hiding this comment.
Thanks for the PR, i don't think a separate PR would be necessary for 3_5 as we can pick the changes from master.
amgtar sends '-' as a valid value for argument to --file and this should be accounted for when validating arguments in runtar.c
fix was merged as part of this MR : Fixes Open Vulnerability CVE-2022-37705 #196