rpms / okular

Clone
Source Code
GIT

Blame SOURCES/okular-fix-path-traversal-issue-when-extracting-okular-file.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   c7-beta
  2.   SOURCES
  3.   okular-fix-path-traversal-issue-when-extracting-okular-file.patch
Blob History Raw
6c0c0b 
diff --git a/core/document.cpp b/core/document.cpp
6c0c0b 
index bc0232a..a2c8b46 100644
6c0c0b 
--- a/core/document.cpp
6c0c0b 
+++ b/core/document.cpp
6c0c0b 
@@ -3826,6 +3826,18 @@ bool Document::openDocumentArchive( const QString & docFile, const KUrl & url )
6c0c0b 
        return false;
6c0c0b
6c0c0b 
     const KArchiveDirectory * mainDir = okularArchive.directory();
6c0c0b 
+
6c0c0b 
+    // Check the archive doesn't have folders, we don't create them when saving the archive
6c0c0b 
+    // and folders mean paths and paths mean path traversal issues
6c0c0b 
+    foreach ( const QString &entry, mainDir->entries() )
6c0c0b 
+    {
6c0c0b 
+        if ( mainDir->entry( entry )->isDirectory() )
6c0c0b 
+        {
6c0c0b 
+            kWarning(OkularDebug) << "Warning: Found a directory inside" << docFile << " - Okular does not create files like that so it is most probably forged.";
6c0c0b 
+            return false;
6c0c0b 
+        }
6c0c0b 
+    }
6c0c0b 
+
6c0c0b 
     const KArchiveEntry * mainEntry = mainDir->entry( "content.xml" );
6c0c0b 
     if ( !mainEntry || !mainEntry->isFile() )
6c0c0b 
         return false;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation