openSUSE:Evergreen:11.1
File transmission-CVE-2010-0012.patch of Package transmission
Index: transmission-1.34/libtransmission/metainfo.c =================================================================== --- transmission-1.34.orig/libtransmission/metainfo.c +++ transmission-1.34/libtransmission/metainfo.c @@ -474,6 +474,13 @@ void tr_metainfoFree( tr_info * inf ) } static int +path_is_suspicious( const char * path ) +{ + return ( path == NULL ) + || ( strstr( path, "../" ) != NULL ); +} + +static int getfile( char ** setme, const char * prefix, tr_benc * name ) { const char ** list; @@ -526,6 +533,13 @@ getfile( char ** setme, const char * pre tr_free( *setme ); *setme = tr_strdup( buf ); + if( ( *setme != NULL ) && path_is_suspicious( *setme ) ) + { + tr_free( *setme ); + *setme = NULL; + return TR_EINVALID; + } + return TR_OK; } @@ -609,6 +623,9 @@ parseFiles( tr_info * inf, tr_benc * nam { char buf[4096]; + if( path_is_suspicious( inf->name ) ) + return TR_EINVALID; + /* Single-file mode */ inf->isMultifile = 0; inf->fileCount = 1;
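Review bot: In the first hunk (@@ -474,6 +474,13 @@), path_is_suspicious() matches the substring "../" rather than a ".." path component, so the check is both too narrow and too broad. A path whose final component is ".." with no trailing slash is not matched, and a legitimate component that merely ends in two dots and is followed by a slash is rejected. Consider splitting the path on '/' and rejecting any component that is exactly "..", and decide explicitly whether a leading '/' should also be refused. A short comment above the function stating what counts as suspicious would help later readers.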
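Review bot: In the getfile() hunk (@@ -526,6 +533,13 @@), the guard `( *setme != NULL ) &&` cancels the NULL case that path_is_suspicious() already treats as suspicious: if tr_strdup( buf ) fails, *setme is NULL, the new block is skipped, and the function still returns TR_OK with a NULL path. Either drop the guard (tr_free on NULL would then need to be safe) or handle the allocation failure separately. It would also be simpler to run path_is_suspicious( buf ) before the tr_free/tr_strdup pair, which avoids allocating a copy only to free it again.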
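Review bot: In the parseFiles() hunk (@@ -609,6 +623,9 @@), the check on inf->name is placed inside the block that begins the single-file case, directly before the `/* Single-file mode */` comment, so from the visible context it only runs on that path. Please confirm that the multi-file path is covered as well, either by moving this check to the top of parseFiles() or by noting in a comment that getfile() validates the joined path including the name prefix. As written, the two cases rely on different checks and that is easy to break in a later change.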