From 57268e51e59b61c9e3125eb0f65551c7084297e2 Mon Sep 17 00:00:00 2001
From: Paolo Bacchilega <paobac@src.gnome.org>
Date: Mon, 27 Aug 2018 15:15:42 +0200
Subject: [PATCH] Path traversal vulnerability
Do not extract files with relative paths.
[bug #794337]
---
src/glib-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/glib-utils.c b/src/glib-utils.c
index 6d345243..c3901410 100644
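--- a/src/glib-utils.c
+++ b/src/glib-utils.c
@@ -1079,7 +1079,7 @@ sanitize_filename (const char *file_name)
 prefix_len = 0;
 for (p = file_name; *p; ) {
 if (ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) || !p[2]))
- prefix_len = p + 2 - file_name;
+ return NULL;
 
 do {
 char c = *p++;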
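Review bot: `sanitize_filename` can now return NULL at the added `return NULL;` line, but the diffstat shows this is the only line the commit changes, so no call site is updated here. A caller that uses the result without a NULL check would dereference NULL, and one that falls back to the original `file_name` would bring the traversal back, so each call site should reject or skip the archive entry when NULL is returned. The new contract should also be stated in the function's header comment, for example `/* Returns NULL if file_name contains a ".." path component; callers must not extract such entries. */`. The function body starts and ends outside the hunk, so it cannot be confirmed from the visible lines that the `..` test is reached only at the start of a path component, nor that absolute paths are handled by the rest of the loop.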
--
2.26.2