mirrors/busybox
3
0
Fork 0
mirror of https://git.busybox.net/busybox synced 2025-12-04 06:12:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
busybox/archival
History
Exact
Denys Vlasenko f5e1bf966b archival/libarchive: sanitize filenames on output (prevent control sequence attacks 
This fixes CVE-2025-46394 (terminal escape sequence injection)

Original credit: Ian.Norton at entrust.com

function                                             old     new   delta
header_list                                            9      15      +6
header_verbose_list                                  239     244      +5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0)               Total: 11 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2025-09-24 03:30:12 +02:00
..
libarchive archival/libarchive: sanitize filenames on output (prevent control sequence attacks 2025-09-24 03:30:12 +02:00
ar.c libbb: eliminate a static data array in bb_mode_string() 2021-09-17 01:18:31 +02:00
bbunzip.c libbb/archival: make setup_unzip_on_fd() return bytes read if not compressed 2025-04-20 23:49:33 +02:00
bbunzip_test.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bbunzip_test2.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bbunzip_test3.sh add tests for gunzip 2007-10-05 15:27:03 +00:00
bzip2.c *: --help tweaks 2021-06-14 20:47:20 +02:00
chksum_and_xwrite_tar_header.c tar,smemcap: silence compiler warning 2021-08-22 15:44:57 +02:00
Config.src archival: disallow path traversals (CVE-2023-39810) 2025-04-16 03:03:17 +02:00
cpio.c cpio: map -F to --file long option 2025-07-02 00:07:18 +02:00
dpkg.c *: style fix 2022-08-30 16:41:17 +02:00
dpkg_deb.c Update applet size estimates 2023-07-10 17:25:21 +02:00
gzip.c *: --help tweaks 2021-06-14 20:47:20 +02:00
Kbuild.src cpio: implement -R/--owner 2015-10-16 17:24:46 +02:00
lzop.c Update applet size estimates 2023-07-10 17:25:21 +02:00
rpm.c rpm2cpio: extract cpio even if compression is not known 2025-04-20 23:59:38 +02:00
rpm.h *: make GNU licensing statement forms more regular 2010-08-16 20:14:46 +02:00
tar.c libbb/archival: make setup_unzip_on_fd() return bytes read if not compressed 2025-04-20 23:49:33 +02:00
tar_symlink_attack tar: postpone creation of symlinks with "suspicious" targets. Closes 8411 2017-07-24 17:20:13 +02:00
unzip.c unzip: document some options we might support 2023-02-23 12:00:36 +01:00