openSUSE:11.4:Update
File CVE-2011-2725.patch of Package kdeutils4
diff -up kdeutils-4.7.2/ark/part/part.cpp.orig kdeutils-4.7.2/ark/part/part.cpp --- kdeutils-4.7.2/ark/part/part.cpp.orig 2011-10-18 16:57:02.000000000 +0200 +++ kdeutils-4.7.2/ark/part/part.cpp 2011-10-18 16:57:45.000000000 +0200 @@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo if (!job->error()) { const ArchiveEntry& entry = m_model->entryForIndex(m_view->selectionModel()->currentIndex()); - const QString fullName = - m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString(); + + QString fullName = + m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString(); + + // Make sure a maliciously crafted archive with parent folders named ".." do + // not cause the previewed file path to be located outside the temporary + // directory, resulting in a directory traversal issue. + fullName.remove(QLatin1String("../")); + ArkViewer::view(fullName, widget()); } else { KMessageBox::error(widget(), job->errorString());
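Review bot: In Part::slotPreviewExtracted, `fullName.remove(QLatin1String("../"));` strips a substring instead of checking that the resulting path is contained in the preview directory, and it is applied to the whole concatenated string, so it also rewrites `m_previewDir->name()` and any legitimate entry name that happens to contain that sequence. Substring removal does not re-examine the characters left adjacent after a match is deleted, and it says nothing about an absolute `entry[FileName]` or a bare trailing `..`. I would suggest normalising the joined path (for example with `QDir::cleanPath`), then comparing it against the normalised `m_previewDir->name()` plus a trailing `/`, and skipping the `ArkViewer::view` call with an error message when the prefix does not match. The new comment should also read "does not cause", and it would help to state there that the check is about containment within the temporary directory.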