rpms / file-roller

Clone
Source Code
GIT

Blame SOURCES/file-roller-3.28.1-CVE-2019-16680.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c8-beta
  2.   SOURCES
  3.   file-roller-3.28.1-CVE-2019-16680.patch
Blob History Raw
47e97d 
From 57268e51e59b61c9e3125eb0f65551c7084297e2 Mon Sep 17 00:00:00 2001
47e97d 
From: Paolo Bacchilega <paobac@src.gnome.org>
47e97d 
Date: Mon, 27 Aug 2018 15:15:42 +0200
47e97d 
Subject: [PATCH] Path traversal vulnerability
47e97d
47e97d 
Do not extract files with relative paths.
47e97d
47e97d 
[bug #794337]
47e97d 
---
47e97d 
 src/glib-utils.c | 2 +-
47e97d 
 1 file changed, 1 insertion(+), 1 deletion(-)
47e97d
47e97d 
diff --git a/src/glib-utils.c b/src/glib-utils.c
47e97d 
index 6d345243..c3901410 100644
47e97d 
--- a/src/glib-utils.c
47e97d 
+++ b/src/glib-utils.c
47e97d 
@@ -1079,7 +1079,7 @@ sanitize_filename (const char *file_name)
47e97d 
 	prefix_len = 0;
47e97d 
 	for (p = file_name; *p; ) {
47e97d 
 		if (ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) || !p[2]))
47e97d 
-			prefix_len = p + 2 - file_name;
47e97d 
+			return NULL;
47e97d
47e97d 
 		do {
47e97d 
 			char c = *p++;
47e97d 
--
47e97d 
2.26.2
47e97d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation