wok view busybox/stuff/busybox-1.37-CVE-2025-46394.u @ rev 25896

busybox: add CVE-2025-46394 fix
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Oct 12 06:53:24 2025 +0000 (2 weeks ago)
1 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
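--- a/archival/libarchive/header_list.c
+++ b/archival/libarchive/header_list.c
@@ -8,5 +8,6 @@
 void FAST_FUNC header_list(const file_header_t *file_header)
 {
 //TODO: cpio -vp DIR should output "DIR/NAME", not just "NAME" */
- puts(file_header->name);
+ bb_safe_dump_str(stdout, file_header->name);
+ bb_putchar('\n');
 }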
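Review bot: The new `bb_safe_dump_str(stdout, file_header->name);` line only replaces escape bytes when stdout is a TTY — the helper added to libbb.h in this same patch calls `isatty()` before `printable_string()` — so a listing redirected to a file or piped into a pager still carries the raw bytes from the archive, and they take effect whenever that output is later shown on a terminal. That is a defensible trade-off, but it is invisible at this call site, and a reader of header_list() will assume the name is always sanitized; a one-line comment would prevent that, e.g. `/* escape bytes in name are replaced only when stdout is a TTY, see bb_safe_dump_str() */`. The replacement of `puts()` by a write plus `bb_putchar('\n')` keeps the trailing newline, so the listing format is unchanged.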
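--- a/archival/libarchive/header_verbose_list.c
+++ b/archival/libarchive/header_verbose_list.c
@@ -29,7 +29,7 @@
 /*sprintf(gid, "%u", (unsigned)file_header->gid);*/
 group = utoa(file_header->gid);
 }
- printf("%s %s/%s %9"OFF_FMT"u %4u-%02u-%02u %02u:%02u:%02u %s",
+ printf("%s %s/%s %9"OFF_FMT"u %4u-%02u-%02u %02u:%02u:%02u",
 bb_mode_string(modestr, file_header->mode),
 user,
 group,
@@ -39,14 +39,13 @@
 ptm->tm_mday,
 ptm->tm_hour,
 ptm->tm_min,
- ptm->tm_sec,
- file_header->name);
+ ptm->tm_sec);
 
 #else /* !FEATURE_TAR_UNAME_GNAME */
 
 localtime_r(&file_header->mtime, ptm);
 
- printf("%s %u/%u %9"OFF_FMT"u %4u-%02u-%02u %02u:%02u:%02u %s",
+ printf("%s %u/%u %9"OFF_FMT"u %4u-%02u-%02u %02u:%02u:%02u",
 bb_mode_string(modestr, file_header->mode),
 (unsigned)file_header->uid,
 (unsigned)file_header->gid,
@@ -56,14 +55,15 @@
 ptm->tm_mday,
 ptm->tm_hour,
 ptm->tm_min,
- ptm->tm_sec,
- file_header->name);
+ ptm->tm_sec);
 
 #endif /* FEATURE_TAR_UNAME_GNAME */
 
+ bb_safe_dump_str(stdout, file_header->name);
 /* NB: GNU tar shows "->" for symlinks and "link to" for hardlinks */
 if (file_header->link_target) {
- printf(" -> %s", file_header->link_target);
+ printf(" -> ");
+ bb_safe_dump_str(stdout, file_header->link_target);
 }
 bb_putchar('\n');
 }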
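Review bot: In the FEATURE_TAR_UNAME_GNAME branch the `user` and `group` strings are still handed to the `%s %s/%s` conversions unsanitized in the first hunk; their assignment is outside the hunk, but the `group = utoa(file_header->gid);` fallback visible at its top suggests they otherwise come from the archive's uname/gname fields, which are as attacker-controlled as the file name, so the listing could still be disturbed through those two columns. If that is the case the same treatment applies: print the mode string, then `user` and `group` through `bb_safe_dump_str()`, and keep only the numeric fields in the format string. In the last hunk the added `printf(" -> ");` carries no conversions and could be `fputs(" -> ", stdout);`, a minor style point. header_verbose_list's body begins before the first hunk.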
59 --- a/include/libbb.h
60 +++ b/include/libbb.h
61 @@ -2524,6 +2524,14 @@
62 #define isgraph_asciionly(a) ((unsigned)((a) - 0x21) <= 0x7e - 0x21)
63 #define isprint_asciionly(a) ((unsigned)((a) - 0x20) <= 0x7e - 0x20)
65 +/* Print msg to a file-descriptor, replacing any unprintable and terminal escape bytes with '?' if fd is a TTY */
66 +static ALWAYS_INLINE void bb_safe_dump_str(FILE* fd, const char* msg) {
67 + int fdno = fileno(fd);
68 + if (isatty(fdno)) {
69 + msg = printable_string(msg);
70 + }
71 + fprintf(fd, "%s", msg);
72 +}
74 /* Simple unit-testing framework */