aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libarchive/libarchive/test/test_write_disk_secure.c
diff options
context:
space:
mode:
authorMartin Matuska <mm@FreeBSD.org>2016-06-17 22:40:10 +0000
committerMartin Matuska <mm@FreeBSD.org>2016-06-17 22:40:10 +0000
commit27370ec7a5d96b40bfc715dd4e826d3447120ce1 (patch)
treec36277ceb452e4862141a9167b27e72819038726 /contrib/libarchive/libarchive/test/test_write_disk_secure.c
parentbb93646b7a91ffab05590af33e0fc2594c416e88 (diff)
downloadsrc-27370ec7a5d96b40bfc715dd4e826d3447120ce1.tar.gz
src-27370ec7a5d96b40bfc715dd4e826d3447120ce1.zip
MFC r299529,r299540,r299576,r299896:
r299529,r299540: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive r299576,r299896: Fix broken cpio behavior. Relnotes: yes
Notes
Notes: svn path=/stable/10/; revision=302001
Diffstat (limited to 'contrib/libarchive/libarchive/test/test_write_disk_secure.c')
-rw-r--r--contrib/libarchive/libarchive/test/test_write_disk_secure.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/contrib/libarchive/libarchive/test/test_write_disk_secure.c b/contrib/libarchive/libarchive/test/test_write_disk_secure.c
index 30b77f8a4341..5061d9d8f6bc 100644
--- a/contrib/libarchive/libarchive/test/test_write_disk_secure.c
+++ b/contrib/libarchive/libarchive/test/test_write_disk_secure.c
@@ -84,6 +84,27 @@ DEFINE_TEST(test_write_disk_secure)
archive_entry_free(ae);
assert(0 == archive_write_finish_entry(a));
+ /* Write an absolute symlink to /tmp. */
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_symlink");
+ archive_entry_set_mode(ae, S_IFLNK | 0777);
+ archive_entry_set_symlink(ae, "/tmp");
+ archive_write_disk_set_options(a, 0);
+ assert(0 == archive_write_header(a, ae));
+ assert(0 == archive_write_finish_entry(a));
+
+ /* With security checks enabled, this should fail. */
+ assert(archive_entry_clear(ae) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_symlink/libarchive_test-test_write_disk_secure-absolute_symlink_path.tmp");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
+ failure("Extracting a file through an absolute symlink should fail here.");
+ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
+ archive_entry_free(ae);
+ assertFileNotExists("/tmp/libarchive_test-test_write_disk_secure-absolute_symlink/libarchive_test-test_write_disk_secure-absolute_symlink_path.tmp");
+ assert(0 == unlink("/tmp/libarchive_test-test_write_disk_secure-absolute_symlink"));
+ unlink("/tmp/libarchive_test-test_write_disk_secure-absolute_symlink_path.tmp");
+
/* Create another link. */
assert((ae = archive_entry_new()) != NULL);
archive_entry_copy_pathname(ae, "link_to_dir2");
@@ -105,6 +126,25 @@ DEFINE_TEST(test_write_disk_secure)
archive_entry_free(ae);
assert(0 == archive_write_finish_entry(a));
+ /* Create a nested symlink. */
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, "dir/nested_link_to_dir");
+ archive_entry_set_mode(ae, S_IFLNK | 0777);
+ archive_entry_set_symlink(ae, "../dir");
+ archive_write_disk_set_options(a, 0);
+ assert(0 == archive_write_header(a, ae));
+ assert(0 == archive_write_finish_entry(a));
+
+ /* But with security checks enabled, this should fail. */
+ assert(archive_entry_clear(ae) != NULL);
+ archive_entry_copy_pathname(ae, "dir/nested_link_to_dir/filed");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
+ failure("Extracting a file through a symlink should fail here.");
+ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
+ archive_entry_free(ae);
+ assert(0 == archive_write_finish_entry(a));
+
/*
* Without security checks, extracting a dir over a link to a
* dir should follow the link.
@@ -234,5 +274,8 @@ DEFINE_TEST(test_write_disk_secure)
assert(S_ISREG(st.st_mode));
failure("link_to_dir2/filec: st.st_mode=%o", st.st_mode);
assert((st.st_mode & 07777) == 0755);
+
+ failure("dir/filed: This file should not have been created");
+ assert(0 != lstat("dir/filed", &st));
#endif
}