Large mod-time values poison arhives, preventing restoration
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dar (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: dar
If a file is backed up which has a very large (more than 32 bits?)
mod-time value, then dar segfaults when trying to restore the archive, or even list it.
This is a catastrophic problem, and a security problem,
because any user can create such a file which, when backed up, prevents access
to any files in the archive after that point in the archive.
Attached is a perl script which creates such a "poison" file.
DEMO:
Download create_
midir testdir
(cd testdir && create_
dar --fs-root `pwd`/testdir --create /tmp/dartest --verbose
dar --list /tmp/dartest # SEGFAULTs
ProblemType: Bug
Architecture: amd64
Date: Mon Apr 5 17:45:32 2010
DistroRelease: Ubuntu 9.10
NonfreeKernelMo
Package: dar 2.3.9-1ubuntu1
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: dar
Uname: Linux 2.6.31-21-generic x86_64
| jimav (james-avera) wrote | #1 |
| visibility: | private → public |
| Changed in dar (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Denis Corbin (78luphr0rnk2nuqimstywepozxn9kl19tqh0tx66b5dki1xxsh5mkz9gl21a5rlwf-1vd1jn0oc-a811i2i3ytqlsztthjth0svbccw8inm65tmkqp9sarr553jq53in4xm1m8wn3o4rl) wrote | #2 |
| Changed in dar (Ubuntu): | |
| status: | Confirmed → Fix Released |
Hello,
this bug is fixed since in dar release 2.3.10 (April 9th, 2010)
Regards,
Denis Corbin.