Merge pull request #196 from prajwaltr93/Fix-Privilege-Escalation-Runtar

amandaTrusted · web-flow · commit 497410c75553 · 2023-02-10T09:59:07.000-06:00
Fixes Open Vulnerability CVE-2022-37705
diff --git a/client-src/runtar.c b/client-src/runtar.c
@@ -191,9 +191,9 @@ main(
 		g_str_has_prefix(argv[i],"--newer") ||
 		g_str_has_prefix(argv[i],"--exclude-from") ||
 		g_str_has_prefix(argv[i],"--files-from")) {
-		/* Accept theses options with the following argument */
-		good_option += 2;
+		good_option++;
 	    } else if (argv[i][0] != '-') {
+		/* argument values are accounted for here */
 		good_option++;
 	    }
 	}

Original file line number	Diff line number	Diff line change
`@@ -191,9 +191,9 @@ main(`
`191`	`191`	`g_str_has_prefix(argv[i],"--newer") \|\|`
`192`	`192`	`g_str_has_prefix(argv[i],"--exclude-from") \|\|`
`193`	`193`	`g_str_has_prefix(argv[i],"--files-from")) {`
`194`		`- /* Accept theses options with the following argument */`
`195`		`- good_option += 2;`
	`194`	`+ good_option++;`
`196`	`195`	`} else if (argv[i][0] != '-') {`
	`196`	`+ /* argument values are accounted for here */`
`197`	`197`	`good_option++;`
`198`	`198`	`}`
`199`	`199`	`}`