File kget43_CVE-2010-1000-r1126227.diff of Package kdenetwork4
Index: kget/transfer-plugins/metalink/metalinker.h
===================================================================
--- kget/transfer-plugins/metalink/metalinker.h (revision 1126226)
+++ kget/transfer-plugins/metalink/metalinker.h (working copy)
@@ -1,6 +1,7 @@
 /* This file is part of the KDE project
 Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
+ Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public
@@ -18,6 +19,14 @@ class MlinkFileData
 {
 public:
 MlinkFileData() {}
+
+ /**
+ * Controlls if the name attribute is valid, i.e. it is not empty and
+ * does not contain any directory traversal directives or information
+ * In case of faulty fileNames the MlinkFile gets discarded
+ */
+ bool isValidNameAttribute() const;
+
 QString fileName;
 QString md5;
 QString sha256;
Index: kget/transfer-plugins/metalink/metalinker.cpp
===================================================================
--- kget/transfer-plugins/metalink/metalinker.cpp (revision 1126226)
+++ kget/transfer-plugins/metalink/metalinker.cpp (working copy)
@@ -1,6 +1,7 @@
 /* This file is part of the KDE project
 Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
+ Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public
@@ -16,6 +17,23 @@
 #include <QDomElement>
+bool MlinkFileData::isValidNameAttribute() const
+{
+ if (fileName.isEmpty()) {
+ kError(5001) << "Name attribute of Metalink::File is empty.";
+ return false;
+ }
+
+ QStringList components = fileName.split('/');
+
+ if (fileName.startsWith("/") || components.contains("..")) {
+ kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << fileName;
+ return false;
+ }
+
+ return true;
+}
+
 Metalinker::Metalinker()
 {
 }
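Review bot: The traversal check in the new isValidNameAttribute() treats only '/' as a separator, so the line `if (fileName.startsWith("/") || components.contains(".."))` does not recognize a `..` component delimited by a backslash and does not reject drive-letter style absolute names; this is harmless on Linux but would matter if kget were ever built for Windows, where Qt also treats a backslash as a directory separator. A cheap tightening is `if (!QDir::isRelativePath(fileName) || fileName.contains('\\') || components.contains("..")) {` (QDir::isRelativePath covers the leading-slash case as well; needs `#include <QDir>`). Validation does run on the percent-decoded name, since the hunk in the Metalinker parse function calls QUrl::fromPercentEncoding before invoking this check, so encoded separators are handled. The declaration's header comment has a typo, `Controlls` → `Controls`, and could state that callers are expected to discard the whole file list on false, which is what the parse hunk does.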
@@ -36,12 +54,24 @@ QList<MlinkFileData> Metalinker::parseMe
 kDebug(5001) << files.length() << " <file> tags found";
+ QStringList fileNames;
 for( uint i=0 ; i < files.length() ; ++i )
 {
 QDomNode file = files.item(i);
 MlinkFileData data;
- data.fileName = file.toElement().attribute("name");
+ data.fileName = QUrl::fromPercentEncoding(file.toElement().attribute("name").toAscii());
 kDebug(5001) << "filename: "<< data.fileName;
+ if (!data.isValidNameAttribute()) {
+ fileData.clear();
+ return fileData;
+ }
+
+ if (fileNames.contains(data.fileName)) {
+ kError(5001) << "Metalink::File name" << data.fileName << "exists multiple times.";
+ fileData.clear();
+ return fileData;
+ }
+ fileNames << data.fileName;
 QDomNodeList hashes = file.toElement().
 elementsByTagName("verification").