diff options
Diffstat (limited to 'lib/stdlib')
| -rw-r--r-- | lib/stdlib/doc/src/dets.xml | 2 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/ets.xml | 8 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/notes.xml | 64 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/proc_lib.xml | 4 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/queue.xml | 2 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/stdlib_app.xml | 8 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/timer.xml | 2 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/unicode_usage.xml | 8 | ||||
| -rw-r--r-- | lib/stdlib/doc/src/zip.xml | 6 | ||||
| -rw-r--r-- | lib/stdlib/src/beam_lib.erl | 2 | ||||
| -rw-r--r-- | lib/stdlib/src/stdlib.appup.src | 4 | ||||
| -rw-r--r-- | lib/stdlib/src/zip.erl | 82 | ||||
| -rw-r--r-- | lib/stdlib/test/zip_SUITE.erl | 50 | ||||
| -rw-r--r-- | lib/stdlib/test/zip_SUITE_data/exploit.zip | bin | 0 -> 797 bytes | |||
| -rw-r--r-- | lib/stdlib/vsn.mk | 2 |
15 files changed, 195 insertions, 49 deletions
diff --git a/lib/stdlib/doc/src/dets.xml b/lib/stdlib/doc/src/dets.xml index 3b134d00b7..2e4261d72e 100644 --- a/lib/stdlib/doc/src/dets.xml +++ b/lib/stdlib/doc/src/dets.xml @@ -391,7 +391,7 @@ <item> <p><c>{hash, Hash}</c> - Describes which BIF is used to calculate the hash values of the objects stored in the - <c>dets</c> table. Possible values of <c>Hash</c>:</p> + Dets table. Possible values of <c>Hash</c>:</p> <list> <item> <p><c>hash</c> - Implies that the <c>erlang:hash/2</c> BIF diff --git a/lib/stdlib/doc/src/ets.xml b/lib/stdlib/doc/src/ets.xml index b8e262208d..5f5d2b7f36 100644 --- a/lib/stdlib/doc/src/ets.xml +++ b/lib/stdlib/doc/src/ets.xml @@ -369,7 +369,7 @@ variable that in turn is passed to the function.</p> <p>The parse transform is provided in the <c>ms_transform</c> module and the source <em>must</em> include - file <c>ms_transform.hrl</c> in <c>STDLIB</c> for this + file <c>ms_transform.hrl</c> in STDLIB for this pseudo function to work. Failing to include the hrl file in the source results in a runtime error, not a compile time error. The include file is easiest included by adding line @@ -1458,7 +1458,7 @@ is_integer(X), is_integer(Y), X + Y < 4711]]></code> specification returned <c>true</c>.</fsummary> <desc> <p>Matches the objects in table <c><anno>Tab</anno></c> using a - <seealso marker="#match_spec">match specificationc</seealso>. If the + <seealso marker="#match_spec">match specification</seealso>. If the match specification returns <c>true</c> for an object, that object considered a match and is counted. For any other result from the match specification the object is not considered a match and is @@ -1644,7 +1644,7 @@ is_integer(X), is_integer(Y), X + Y < 4711]]></code> </taglist> <p>Whenever option <c>extended_info</c> is used, it results in a file not readable by versions of ETS before - that in <c>STDLIB</c> 1.15.1</p> + that in STDLIB 1.15.1</p> <p>If option <c>sync</c> is set to <c>true</c>, it ensures that the content of the file is written to the disk before <c>tab2file</c> returns. Defaults to <c>{sync, false}</c>.</p> @@ -1725,7 +1725,7 @@ is_integer(X), is_integer(Y), X + Y < 4711]]></code> <p>A tuple <c>{<anno>Major</anno>,<anno>Minor</anno>}</c> containing the major and minor version of the file format for ETS table dumps. This - version field was added beginning with <c>STDLIB</c> 1.5.1. + version field was added beginning with STDLIB 1.5.1. Files dumped with older versions return <c>{0,0}</c> in this field.</p> </item> diff --git a/lib/stdlib/doc/src/notes.xml b/lib/stdlib/doc/src/notes.xml index d8fec1147f..554150380f 100644 --- a/lib/stdlib/doc/src/notes.xml +++ b/lib/stdlib/doc/src/notes.xml @@ -31,6 +31,66 @@ </header> <p>This document describes the changes made to the STDLIB application.</p> +<section><title>STDLIB 3.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + The <c>zip:unzip/1,2</c> and <c>zip:extract/1,2</c> + functions have been updated to handle directory traversal + exploits. Any element in the zip file that contains a + path that points to a directory above the top level + working directory, <c>cwd</c>, will instead be extracted + in <c>cwd</c>. An error message is printed for any such + element in the zip file during the unzip operation. The + <c>keep_old_files</c> option determines if a file will + overwrite a previous file with the same name within the + zip file.</p> + <p> + Own Id: OTP-13633</p> + </item> + <item> + <p> Correct the contracts for + <c>ets:match_object/1,3</c>. </p> + <p> + Own Id: OTP-13721 Aux Id: PR-1113 </p> + </item> + <item> + <p> + Errors in type specification and Emacs template + generation for <c>gen_statem:code_change/4</c> has been + fixed from bugs.erlang.org's Jira cases ERL-172 and + ERL-187.</p> + <p> + Own Id: OTP-13746 Aux Id: ERL-172, ERL-187 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + gen_statem has been changed to set the callback mode for + a server to what Module:callback_mode/0 returns. This + facilitates e.g code downgrade since the callback mode + now becomes a property of the currently active code, not + of the server process.</p> + <p> + Exception handling from Module:init/1 has also been + improved.</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-13752</p> + </item> + </list> + </section> + +</section> + <section><title>STDLIB 3.0.1</title> <section><title>Fixed Bugs and Malfunctions</title> @@ -526,7 +586,7 @@ </item> <item> <p> - The <c>stdlib</c> reference manual is updated to show + The STDLIB reference manual is updated to show correct information about the return value of <c>gen_fsm:reply/2</c>.</p> <p> @@ -6236,7 +6296,7 @@ documentation for <c>compile</c> on how to provide the key for encrypting, and the documentation for <c>beam_lib</c> on how to provide the key for decryption so that tools such - as the Debugger, <c>xref</c>, or <c>cover</c> can be used.</p> + as the Debugger, Xref, or Cover can be used.</p> <p>The <c>beam_lib:chunks/2</c> functions now accepts an additional chunk type <c>compile_info</c> to retrieve the compilation information directly as a term. (Thanks diff --git a/lib/stdlib/doc/src/proc_lib.xml b/lib/stdlib/doc/src/proc_lib.xml index 58ca5644cf..da03c39a26 100644 --- a/lib/stdlib/doc/src/proc_lib.xml +++ b/lib/stdlib/doc/src/proc_lib.xml @@ -59,9 +59,9 @@ <p>When a process that is started using <c>proc_lib</c> terminates abnormally (that is, with another exit reason than <c>normal</c>, <c>shutdown</c>, or <c>{shutdown,Term}</c>), a <em>crash report</em> - is generated, which is written to terminal by the default <c>SASL</c> + is generated, which is written to terminal by the default SASL event handler. That is, the crash report is normally only visible - if the <c>SASL</c> application is started; see + if the SASL application is started; see <seealso marker="sasl:sasl_app"><c>sasl(6)</c></seealso> and section <seealso marker="sasl:error_logging">SASL Error Logging</seealso> in the SASL User's Guide.</p> diff --git a/lib/stdlib/doc/src/queue.xml b/lib/stdlib/doc/src/queue.xml index a46ca47033..9f3aff03a3 100644 --- a/lib/stdlib/doc/src/queue.xml +++ b/lib/stdlib/doc/src/queue.xml @@ -401,7 +401,7 @@ </func> <func> - <name name="liat" arity="1"/>v + <name name="liat" arity="1"/> <fsummary>Remove the tail item from a queue.</fsummary> <desc> <p>Returns a queue <c><anno>Q2</anno></c> that is the result of removing diff --git a/lib/stdlib/doc/src/stdlib_app.xml b/lib/stdlib/doc/src/stdlib_app.xml index cde73269a8..f857cc394b 100644 --- a/lib/stdlib/doc/src/stdlib_app.xml +++ b/lib/stdlib/doc/src/stdlib_app.xml @@ -31,14 +31,14 @@ <app>STDLIB</app> <appsummary>The STDLIB application.</appsummary> <description> - <p>The <c>STDLIB</c> application is mandatory in the sense that the minimal - system based on Erlang/OTP consists of <c>Kernel</c> and <c>STDLIB</c>. - The <c>STDLIB</c> application contains no services.</p> + <p>The STDLIB application is mandatory in the sense that the minimal + system based on Erlang/OTP consists of Kernel and STDLIB. + The STDLIB application contains no services.</p> </description> <section> <title>Configuration</title> - <p>The following configuration parameters are defined for the <c>STDLIB</c> + <p>The following configuration parameters are defined for the STDLIB application. For more information about configuration parameters, see the <seealso marker="kernel:app"><c>app(4)</c></seealso> module in Kernel.</p> diff --git a/lib/stdlib/doc/src/timer.xml b/lib/stdlib/doc/src/timer.xml index 8f2ce36b06..fcaccdb2cb 100644 --- a/lib/stdlib/doc/src/timer.xml +++ b/lib/stdlib/doc/src/timer.xml @@ -253,7 +253,7 @@ is needed. This is useful during development, but in a target system the server is to be started explicitly. Use configuration parameters for - <seealso marker="kernel:index"><c>Kernel</c></seealso> for this.</p> + <seealso marker="kernel:index">Kernel</seealso> for this.</p> </desc> </func> diff --git a/lib/stdlib/doc/src/unicode_usage.xml b/lib/stdlib/doc/src/unicode_usage.xml index 7f79ac88a1..efc8b75075 100644 --- a/lib/stdlib/doc/src/unicode_usage.xml +++ b/lib/stdlib/doc/src/unicode_usage.xml @@ -274,8 +274,8 @@ marker="stdlib:io"><c>io</c></seealso> module, the file handling, the <seealso marker="stdlib:unicode"><c>unicode</c></seealso> module, and - the bit syntax). Today most modules in <c>Kernel</c> and - <c>STDLIB</c>, as well as the VM are Unicode-aware.</p> + the bit syntax). Today most modules in Kernel and + STDLIB, as well as the VM are Unicode-aware.</p> </item> <tag>File I/O</tag> <item> @@ -765,7 +765,7 @@ Eshell V5.10.1 (abort with ^G) file system). The Unicode character list is used to denote filenames or directory names. If the file system content is listed, you also get Unicode lists as return value. The support - lies in the <c>Kernel</c> and <c>STDLIB</c> modules, which is why + lies in the Kernel and STDLIB modules, which is why most applications (that does not explicitly require the filenames to be in the ISO Latin-1 range) benefit from the Unicode support without change.</p> @@ -843,7 +843,7 @@ Eshell V5.10.1 (abort with ^G) <title>Notes About Raw Filenames</title> <marker id="notes-about-raw-filenames"/> <p>Raw filenames were introduced together with Unicode filename support - in <c>ERTS</c> 5.8.2 (Erlang/OTP R14B01). The reason "raw + in ERTS 5.8.2 (Erlang/OTP R14B01). The reason "raw filenames" were introduced in the system was to be able to represent filenames, specified in different encodings on the same system, diff --git a/lib/stdlib/doc/src/zip.xml b/lib/stdlib/doc/src/zip.xml index de23608046..0b5eac1e16 100644 --- a/lib/stdlib/doc/src/zip.xml +++ b/lib/stdlib/doc/src/zip.xml @@ -138,7 +138,7 @@ <p>File information as in <seealso marker="kernel:file#read_file_info/1"> <c>file:read_file_info/1</c></seealso> - in <c>Kernel</c></p> + in Kernel</p> </item> <tag><c>comment</c></tag> <item> @@ -345,7 +345,7 @@ prepended to filenames when extracting them from the zip archive. (Acting like <seealso marker="kernel:file#set_cwd/1"> - <c>file:set_cwd/1</c></seealso> in <c>Kernel</c>, + <c>file:set_cwd/1</c></seealso> in Kernel, but without changing the global <c>cwd</c> property.)</p> </item> </taglist> @@ -420,7 +420,7 @@ (<c>cwd</c>). This is prepended to filenames when adding them, although not in the zip archive (acting like <seealso marker="kernel:file#set_cwd/1"> - <c>file:set_cwd/1</c></seealso> in <c>Kernel</c>, but without + <c>file:set_cwd/1</c></seealso> in Kernel, but without changing the global <c>cwd</c> property.).</p> </item> <tag><c>{compress, <anno>What</anno>}</c></tag> diff --git a/lib/stdlib/src/beam_lib.erl b/lib/stdlib/src/beam_lib.erl index fe9df601eb..d7ee5c1f5d 100644 --- a/lib/stdlib/src/beam_lib.erl +++ b/lib/stdlib/src/beam_lib.erl @@ -55,7 +55,7 @@ -type beam() :: module() | file:filename() | binary(). --type forms() :: [erl_parse:abstract_form()]. +-type forms() :: [erl_parse:abstract_form() | erl_parse:form_info()]. -type abst_code() :: {AbstVersion :: atom(), forms()} | 'no_abstract_code'. -type dataB() :: binary(). diff --git a/lib/stdlib/src/stdlib.appup.src b/lib/stdlib/src/stdlib.appup.src index 9877662743..e917b7ea1f 100644 --- a/lib/stdlib/src/stdlib.appup.src +++ b/lib/stdlib/src/stdlib.appup.src @@ -18,9 +18,9 @@ %% %CopyrightEnd% {"%VSN%", %% Up from - max one major revision back - [{<<"3\\.0(\\.[0-9]+)*">>,[restart_new_emulator]}, % OTP-19.* + [{<<"3\\.[0-1](\\.[0-9]+)*">>,[restart_new_emulator]}, % OTP-19.* {<<"2\\.[5-8](\\.[0-9]+)*">>,[restart_new_emulator]}], % OTP-18.* %% Down to - max one major revision back - [{<<"3\\.0(\\.[0-9]+)*">>,[restart_new_emulator]}, % OTP-19.* + [{<<"3\\.[0-1](\\.[0-9]+)*">>,[restart_new_emulator]}, % OTP-19.* {<<"2\\.[5-8](\\.[0-9]+)*">>,[restart_new_emulator]}] % OTP-18.* }. diff --git a/lib/stdlib/src/zip.erl b/lib/stdlib/src/zip.erl index f8ba6f18e9..340cc21390 100644 --- a/lib/stdlib/src/zip.erl +++ b/lib/stdlib/src/zip.erl @@ -279,7 +279,8 @@ do_openzip_get(F, #openzip{files = Files, in = In0, input = Input, case file_name_search(F, Files) of {#zip_file{offset = Offset},_}=ZFile -> In1 = Input({seek, bof, Offset}, In0), - case get_z_file(In1, Z, Input, Output, [], fun silent/1, CWD, ZFile) of + case get_z_file(In1, Z, Input, Output, [], fun silent/1, + CWD, ZFile, fun all/1) of {file, R, _In2} -> {ok, R}; _ -> throw(file_not_found) end; @@ -1403,9 +1404,10 @@ get_z_files([{#zip_file{offset = Offset},_} = ZFile | Rest], Z, In0, true -> In1 = Input({seek, bof, Offset}, In0), {In2, Acc1} = - case get_z_file(In1, Z, Input, Output, OpO, FB, CWD, ZFile) of + case get_z_file(In1, Z, Input, Output, OpO, FB, + CWD, ZFile, Filter) of {file, GZD, Inx} -> {Inx, [GZD | Acc0]}; - {dir, Inx} -> {Inx, Acc0} + {_, Inx} -> {Inx, Acc0} end, get_z_files(Rest, Z, In2, Opts, Acc1); _ -> @@ -1413,7 +1415,8 @@ get_z_files([{#zip_file{offset = Offset},_} = ZFile | Rest], Z, In0, end. %% get a file from the archive, reading chunks -get_z_file(In0, Z, Input, Output, OpO, FB, CWD, {ZipFile,Extra}) -> +get_z_file(In0, Z, Input, Output, OpO, FB, + CWD, {ZipFile,Extra}, Filter) -> case Input({read, ?LOCAL_FILE_HEADER_SZ}, In0) of {eof, In1} -> {eof, In1}; @@ -1433,29 +1436,64 @@ get_z_file(In0, Z, Input, Output, OpO, FB, CWD, {ZipFile,Extra}) -> end, {BFileN, In3} = Input({read, FileNameLen + ExtraLen}, In1), {FileName, _} = get_file_name_extra(FileNameLen, ExtraLen, BFileN), - FileName1 = add_cwd(CWD, FileName), - case lists:last(FileName) of - $/ -> - %% perhaps this should always be done? - Output({ensure_dir,FileName1},[]), - {dir, In3}; - _ -> - %% FileInfo = local_file_header_to_file_info(LH) - %%{Out, In4, CRC, UncompSize} = - {Out, In4, CRC, _UncompSize} = - get_z_data(CompMethod, In3, FileName1, - CompSize, Input, Output, OpO, Z), - In5 = skip_z_data_descriptor(GPFlag, Input, In4), - %% TODO This should be fixed some day: - %% In5 = Input({set_file_info, FileName, FileInfo#file_info{size=UncompSize}}, In4), - FB(FileName), - CRC =:= CRC32 orelse throw({bad_crc, FileName}), - {file, Out, In5} + ReadAndWrite = + case check_valid_location(CWD, FileName) of + {true,FileName1} -> + true; + {false,FileName1} -> + Filter({ZipFile#zip_file{name = FileName1},Extra}) + end, + case ReadAndWrite of + true -> + case lists:last(FileName) of + $/ -> + %% perhaps this should always be done? + Output({ensure_dir,FileName1},[]), + {dir, In3}; + _ -> + %% FileInfo = local_file_header_to_file_info(LH) + %%{Out, In4, CRC, UncompSize} = + {Out, In4, CRC, _UncompSize} = + get_z_data(CompMethod, In3, FileName1, + CompSize, Input, Output, OpO, Z), + In5 = skip_z_data_descriptor(GPFlag, Input, In4), + %% TODO This should be fixed some day: + %% In5 = Input({set_file_info, FileName, + %% FileInfo#file_info{size=UncompSize}}, In4), + FB(FileName), + CRC =:= CRC32 orelse throw({bad_crc, FileName}), + {file, Out, In5} + end; + false -> + {ignore, In3} end; _ -> throw(bad_local_file_header) end. +%% make sure FileName doesn't have relative path that points over CWD +check_valid_location(CWD, FileName) -> + %% check for directory traversal exploit + case check_dir_level(filename:split(FileName), 0) of + {FileOrDir,Level} when Level < 0 -> + CWD1 = if CWD == "" -> "./"; + true -> CWD + end, + error_logger:format("Illegal path: ~ts, extracting in ~ts~n", + [add_cwd(CWD,FileName),CWD1]), + {false,add_cwd(CWD, FileOrDir)}; + _ -> + {true,add_cwd(CWD, FileName)} + end. + +check_dir_level([FileOrDir], Level) -> + {FileOrDir,Level}; +check_dir_level(["." | Parts], Level) -> + check_dir_level(Parts, Level); +check_dir_level([".." | Parts], Level) -> + check_dir_level(Parts, Level-1); +check_dir_level([_Dir | Parts], Level) -> + check_dir_level(Parts, Level+1). get_file_name_extra(FileNameLen, ExtraLen, B) -> case B of diff --git a/lib/stdlib/test/zip_SUITE.erl b/lib/stdlib/test/zip_SUITE.erl index 2add5a39a2..7d90795c9e 100644 --- a/lib/stdlib/test/zip_SUITE.erl +++ b/lib/stdlib/test/zip_SUITE.erl @@ -25,6 +25,7 @@ zip_to_binary/1, unzip_options/1, zip_options/1, list_dir_options/1, aliases/1, openzip_api/1, zip_api/1, open_leak/1, unzip_jar/1, + unzip_traversal_exploit/1, compress_control/1, foldl/1]). @@ -38,7 +39,8 @@ all() -> [borderline, atomic, bad_zip, unzip_from_binary, unzip_to_binary, zip_to_binary, unzip_options, zip_options, list_dir_options, aliases, openzip_api, - zip_api, open_leak, unzip_jar, compress_control, foldl]. + zip_api, open_leak, unzip_jar, compress_control, foldl, + unzip_traversal_exploit]. groups() -> []. @@ -377,6 +379,52 @@ unzip_options(Config) when is_list(Config) -> 0 = delete_files([Subdir]), ok. +%% Test that unzip handles directory traversal exploit (OTP-13633) +unzip_traversal_exploit(Config) -> + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), + ZipName = filename:join(DataDir, "exploit.zip"), + + %% $ zipinfo -1 test/zip_SUITE_data/exploit.zip + %% clash.txt + %% ../clash.txt + %% ../above.txt + %% subdir/../in_root_dir.txt + + %% create a temp directory + SubDir = filename:join(PrivDir, "exploit_test"), + ok = file:make_dir(SubDir), + + ClashFile = filename:join(SubDir,"clash.txt"), + AboveFile = filename:join(SubDir,"above.txt"), + RelativePathFile = filename:join(SubDir,"subdir/../in_root_dir.txt"), + + %% unzip in SubDir + {ok, [ClashFile, ClashFile, AboveFile, RelativePathFile]} = + zip:unzip(ZipName, [{cwd,SubDir}]), + + {ok,<<"This file will overwrite other file.\n">>} = + file:read_file(ClashFile), + {ok,_} = file:read_file(AboveFile), + {ok,_} = file:read_file(RelativePathFile), + + %% clean up + delete_files([SubDir]), + + %% create the temp directory again + ok = file:make_dir(SubDir), + + %% unzip in SubDir + {ok, [ClashFile, AboveFile, RelativePathFile]} = + zip:unzip(ZipName, [{cwd,SubDir},keep_old_files]), + + {ok,<<"This is the original file.\n">>} = + file:read_file(ClashFile), + + %% clean up + delete_files([SubDir]), + ok. + %% Test unzip a jar file (OTP-7382). unzip_jar(Config) when is_list(Config) -> DataDir = proplists:get_value(data_dir, Config), diff --git a/lib/stdlib/test/zip_SUITE_data/exploit.zip b/lib/stdlib/test/zip_SUITE_data/exploit.zip Binary files differnew file mode 100644 index 0000000000..afb8dbd192 --- /dev/null +++ b/lib/stdlib/test/zip_SUITE_data/exploit.zip diff --git a/lib/stdlib/vsn.mk b/lib/stdlib/vsn.mk index 41037b8f53..c74343d9ca 100644 --- a/lib/stdlib/vsn.mk +++ b/lib/stdlib/vsn.mk @@ -1 +1 @@ -STDLIB_VSN = 3.0.1 +STDLIB_VSN = 3.1 |