diff options
Diffstat (limited to 'libelf')
| -rw-r--r-- | libelf/ChangeLog | 5 | ||||
| -rw-r--r-- | libelf/elf_begin.c | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 3b88d031..447c3546 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2014-12-28 Alexander Cherepanov <[email protected]> + + * elf_begin.c (read_long_names): Don't miss '/' right after + another '/'. Fixes a dir traversal vuln in ar extraction. + 2014-12-18 Ulrich Drepper <[email protected]> * Makefile.am: Suppress output of textrel_check command. diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 30abe0bf..cd3756cc 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -749,10 +749,7 @@ read_long_names (Elf *elf) } /* NUL-terminate the string. */ - *runp = '\0'; - - /* Skip the NUL byte and the \012. */ - runp += 2; + *runp++ = '\0'; /* A sanity check. Somebody might have generated invalid archive. */ |