authorRaphael Kubo da Costa <rakuco@FreeBSD.org>2017-03-11 21:11:17 +0000
committerRaphael Kubo da Costa <rakuco@FreeBSD.org>2017-03-11 21:11:17 +0000
commit462c0cb7eeea1e18d63cff823d3be6044ac61a60 (patch)
tree0a481d7feed8474e996be8866306a135bda651e9 /deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
parentAdd entry for KTNEF directory traversal issue in deskutils/kdepimlibs4. (diff)
Patch a directory traversal vulnerability in the KTNEF parser.
Backported from https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8 Security announcement: https://www.kde.org/info/security/advisory-20170227-1.txt MFH: 2017Q1 Security: e550fc62-069a-11e7-8e3e-5453ed2e2b49
Diffstat (limited to 'deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp')
-rw-r--r--deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp38
1 files changed, 38 insertions, 0 deletions
diff --git a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
new file mode 100644
index 000000000000..29f035a3c9fc
--- /dev/null
+++ b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
@@ -0,0 +1,38 @@
+Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
+--- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC
++++ ktnef/ktnefparser.cpp
+@@ -40,7 +40,9 @@
+
+ #include <QtCore/QDateTime>
+ #include <QtCore/QDataStream>
++#include <QtCore/QDir>
+ #include <QtCore/QFile>
++#include <QtCore/QFileInfo>
+ #include <QtCore/QVariant>
+ #include <QtCore/QList>
+
+@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
+ bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
+ const QString &dirname )
+ {
+- QString filename = dirname + '/';
++ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
++
++ QString filename = destDir + '/';
+ if ( !att->fileName().isEmpty()) {
+ filename += att->fileName();
+ } else {
+@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
+ if ( !device_->seek( att->offset() ) ) {
+ return false;
+ }
++ const QFileInfo fi( filename );
++ if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
++ kWarning() << "Attempted extract into" << fi.absoluteFilePath()
++ << "which is outside of the extraction root folder" << destDir << "."
++ << "Changing export of contained files to extraction root folder.";
++ filename = destDir + QLatin1Char( '/' ) + fi.fileName();
++ }
+ KSaveFile outfile( filename );
+ if ( !outfile.open() ) {
+ return false;
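Review bot: The containment test `fi.absoluteFilePath().startsWith( destDir )` compares against the directory path without a trailing separator, so a target in a sibling directory whose name merely begins with the same characters as destDir would be accepted as inside the extraction root. Qt's documentation also says QFileInfo::absoluteFilePath() does not necessarily remove redundant "." or ".." elements, and `filename` is already absolute at this point, so the attachment name may reach the check un-normalised; whether it does depends on the Qt version this port builds against and is worth confirming. I would normalise first and compare with the separator: `const QString target = QDir::cleanPath( fi.absoluteFilePath() );` followed by `if ( !target.startsWith( destDir + QLatin1Char( '/' ) ) ) {`. Neither form resolves symbolic links that already exist under destDir, which deserves a short comment next to the check. The body of extractAttachmentTo continues past the end of the patched context.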