wok-next diff arj/stuff/patches/CVE-2015-0557-dir-traversal.patch @ rev 21727
created recipe for vbindiff
author | Hans-G?nter Theisgen |
---|---|
date | Sat Nov 21 14:32:44 2020 +0100 (2020-11-21) |
parents | |
children |
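--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/arj/stuff/patches/CVE-2015-0557-dir-traversal.patch	Sat Nov 21 14:32:44 2020 +0100
@@ -0,0 +1,33 @@
+Description: Fix absolute path traversals.
+ Catch multiple leading slashes when checking for absolute path traversals.
+ .
+ Fixes CVE-2015-0557.
+Author: Guillem Jover <guillem@debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774435
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ environ.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/environ.c
++++ b/environ.c
+@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
+ if(action!=VALIDATE_DRIVESPEC)
+ {
+ #endif
++ while (name[0]!='\0'&&
++ (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
+ if(name[0]=='.')
+ {
+ if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
+@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
+ }
+ if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
+ name++; /* "\\" - revert to root */
++ }
+ #if SFX_LEVEL>=ARJSFXV
+ }
+ }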
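Review bot: The `while` loop added around the leading-component stripping in validate_path() has no exit for a name that starts with '.' but is followed by neither a separator nor a second '.' plus a separator (a dot-file entry such as `.profile`): the loop condition stays true and none of the visible branches advances `name`. The lines between the two inner hunks are not shown, so this is inferred from the context lines, but if they hold only the pointer-advancing branches for the `..` and `.` prefixes, extraction would spin forever on such an entry and any archive containing a dot-file becomes a denial of service. Adding `else break;` as the final branch of the `if(name[0]=='.')` block would end the loop once nothing more can be stripped. validate_path() starts and ends outside both hunks, so the checks applied to the remaining path cannot be reviewed from here.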