diff --git a/core/document.cpp b/core/document.cpp
index bc0232a..a2c8b46 100644
--- a/core/document.cpp
+++ b/core/document.cpp
@@ -3826,6 +3826,18 @@ bool Document::openDocumentArchive( const QString & docFile, const KUrl & url )
        return false;
 
     const KArchiveDirectory * mainDir = okularArchive.directory();
+
+    // Check the archive doesn't have folders, we don't create them when saving the archive
+    // and folders mean paths and paths mean path traversal issues
+    foreach ( const QString &entry, mainDir->entries() )
+    {
+        if ( mainDir->entry( entry )->isDirectory() )
+        {
+            kWarning(OkularDebug) << "Warning: Found a directory inside" << docFile << " - Okular does not create files like that so it is most probably forged.";
+            return false;
+        }
+    }
+
     const KArchiveEntry * mainEntry = mainDir->entry( "content.xml" );
     if ( !mainEntry || !mainEntry->isFile() )
         return false;
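Review bot: The added loop rejects the archive only when a top-level entry reports `isDirectory()`, so the guard depends on KArchive representing every path component of an entry name as a directory entry; the entry name itself is never inspected. Since the comment says the aim is to rule out path traversal, I would also reject unexpected names in the same loop, for example `if ( entry.contains( '/' ) || entry.contains( '\\' ) || entry == ".." ) return false;`. The file name that is later taken from content.xml should likewise be treated as a plain base name before anything is extracted. That extraction code is in the rest of openDocumentArchive, outside this hunk, so this part is inferred rather than visible here. It would also help to include the offending entry name in the kWarning message so a rejected file can be diagnosed from the log.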