wok-next view arj/stuff/patches/CVE-2015-0557-dir-traversal.patch @ rev 19715

Fix building: pciutils, pcmanfm-legacy, arj
author Aleksej Bobylev <al.bobylev@gmail.com>
date Sat May 13 17:25:31 2017 +0300 (2017-05-13)
1 Description: Fix absolute path traversals.
2 Catch multiple leading slashes when checking for absolute path traversals.
3 .
4 Fixes CVE-2015-0557.
5 Author: Guillem Jover <guillem@debian.org>
6 Origin: vendor
7 Bug-Debian: https://bugs.debian.org/774435
8 Forwarded: no
9 Last-Update: 2015-02-26
11 ---
12 environ.c | 3 +++
13 1 file changed, 3 insertions(+)
15 --- a/environ.c
16 +++ b/environ.c
17 @@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
18 if(action!=VALIDATE_DRIVESPEC)
19 {
20 #endif
21 + while (name[0]!='\0'&&
22 + (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
23 if(name[0]=='.')
24 {
25 if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
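Review bot: The new `while` condition is true for any name that starts with `.`, but the only `.` case visible in this hunk advances `name` when it sees `..` followed by a separator. If the lines elided between the two hunks do not advance `name` or leave the loop for a name such as `.profile`, the loop never terminates. Suggest adding an `else break;` to the `if(name[0]=='.')` block, or narrowing the loop condition to the prefixes the body actually consumes.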
26 @@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
27 }
28 if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
29 name++; /* "\\" - revert to root */
30 + }
31 #if SFX_LEVEL>=ARJSFXV
32 }
33 }
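Review bot: Missing documentation at the closing `}` added before `#if SFX_LEVEL>=ARJSFXV`: the diffstat shows only 3 insertions, so the loop body keeps its old indentation and this brace sits among several bare `}` lines and preprocessor guards. Suggest a trailing comment on it naming the loop it closes, and a comment on the `while` line saying that it repeats until no leading `.` or separator prefix remains, since that repetition is what catches the multiple leading slashes mentioned in the description.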