file-roller/SOURCES/file-roller-3.28.1-CVE-2019...

From 57268e51e59b61c9e3125eb0f65551c7084297e2 Mon Sep 17 00:00:00 2001
From: Paolo Bacchilega <paobac@src.gnome.org>
Date: Mon, 27 Aug 2018 15:15:42 +0200
Subject: [PATCH] Path traversal vulnerability

Do not extract files with relative paths.

[bug #794337]
---
 src/glib-utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/glib-utils.c b/src/glib-utils.c
index 6d345243..c3901410 100644
--- a/src/glib-utils.c
+++ b/src/glib-utils.c
@@ -1079,7 +1079,7 @@ sanitize_filename (const char *file_name)
 	prefix_len = 0;
 	for (p = file_name; *p; ) {
 		if (ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) || !p[2]))
-			prefix_len = p + 2 - file_name;
+			return NULL;
 
 		do {
 			char c = *p++;
-- 
2.26.2
import file-roller-3.28.1-4.el8 3 years ago			`From 57268e51e59b61c9e3125eb0f65551c7084297e2 Mon Sep 17 00:00:00 2001`
			`From: Paolo Bacchilega <paobac@src.gnome.org>`
			`Date: Mon, 27 Aug 2018 15:15:42 +0200`
			`Subject: [PATCH] Path traversal vulnerability`

			`Do not extract files with relative paths.`

			`[bug #794337]`
			`---`
			`src/glib-utils.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/src/glib-utils.c b/src/glib-utils.c`
			`index 6d345243..c3901410 100644`
			`--- a/src/glib-utils.c`
			`+++ b/src/glib-utils.c`
			`@@ -1079,7 +1079,7 @@ sanitize_filename (const char *file_name)`
			`prefix_len = 0;`
			`for (p = file_name; *p; ) {`
			`if (ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) \|\| !p[2]))`
			`- prefix_len = p + 2 - file_name;`
			`+ return NULL;`

			`do {`
			`char c = *p++;`
			`--`
			`2.26.2`