1 files changed, 38 insertions, 0 deletions

diff --git a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
new file mode 100644
index 000000000000..29f035a3c9fc
--- /dev/null
+++ b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
@@ -0,0 +1,38 @@
+Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
+--- ktnef/ktnefparser.cpp.orig	2017-03-11 20:23:43 UTC
++++ ktnef/ktnefparser.cpp
+@@ -40,7 +40,9 @@
+ 
+ #include <QtCore/QDateTime>
+ #include <QtCore/QDataStream>
++#include <QtCore/QDir>
+ #include <QtCore/QFile>
++#include <QtCore/QFileInfo>
+ #include <QtCore/QVariant>
+ #include <QtCore/QList>
+ 
+@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
+ bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
+                                                       const QString &dirname )
+ {
+-  QString filename = dirname + '/';
++  const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
++
++  QString filename = destDir + '/';
+   if ( !att->fileName().isEmpty()) {
+     filename += att->fileName();
+   } else {
+@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
+   if ( !device_->seek( att->offset() ) ) {
+     return false;
+   }
++  const QFileInfo fi( filename );
++  if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
++      kWarning() << "Attempted extract into" << fi.absoluteFilePath()
++                 << "which is outside of the extraction root folder" << destDir << "."
++                 << "Changing export of contained files to extraction root folder.";
++      filename = destDir + QLatin1Char( '/' ) + fi.fileName();
++  }
+   KSaveFile outfile( filename );
+   if ( !outfile.open() ) {
+     return false;