File transmission-CVE-2010-0012.patch of Package transmission

Index: transmission-1.34/libtransmission/metainfo.c
===================================================================
--- transmission-1.34.orig/libtransmission/metainfo.c
+++ transmission-1.34/libtransmission/metainfo.c
@@ -474,6 +474,13 @@ void tr_metainfoFree( tr_info * inf )
 }
 
 static int
+path_is_suspicious( const char * path )
+{
+    return ( path == NULL )
+        || ( strstr( path, "../" ) != NULL );
+}
+
+static int
 getfile( char ** setme, const char * prefix, tr_benc * name )
 {
     const char ** list;
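Review bot: `path_is_suspicious()` matches the substring `"../"` rather than a whole path component, so a path that is exactly `..` or that ends in `/..` passes the check, while a legitimate name such as `foo../bar` is rejected. Comparing each `/`-separated component against `..` closes both gaps; the sketch below keeps the NULL case as it is. Whether an absolute path (leading `/`) can also reach this helper depends on how the callers join the name to the download directory, which is not visible here, so that should be confirmed and rejected in the same place if it can. The helper also deserves a one-line comment saying it guards against metainfo names that resolve outside the download directory.

```c
static int
path_is_suspicious( const char * path )
{
    const char * p = path;

    if( path == NULL )
        return 1;

    /* reject any path component that is exactly ".." */
    while( *p != '\0' )
    {
        const char * end = strchr( p, '/' );
        const size_t len = end ? (size_t)( end - p ) : strlen( p );

        if( len == 2 && p[0] == '.' && p[1] == '.' )
            return 1;
        if( end == NULL )
            break;
        p = end + 1;
    }

    return 0;
}
```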
@@ -526,6 +533,13 @@ getfile( char ** setme, const char * pre
     tr_free( *setme );
     *setme = tr_strdup( buf );
 
+    if( ( *setme != NULL ) && path_is_suspicious( *setme ) )
+    {
+      tr_free( *setme );
+      *setme = NULL;
+      return TR_EINVALID;
+    }
+
     return TR_OK;
 }
 
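Review bot: When `tr_strdup( buf )` returns NULL, the `*setme != NULL` guard skips the new check and `getfile()` still returns `TR_OK` with `*setme` set to NULL. Since `path_is_suspicious()` already treats NULL as suspicious, dropping the guard, `if( path_is_suspicious( *setme ) )`, would turn the allocation failure into `TR_EINVALID` as well, provided `tr_free()` accepts NULL (not visible in this hunk, so confirm). The added block is indented with six spaces where the surrounding lines use four. `getfile()` begins outside this hunk.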
@@ -609,6 +623,9 @@ parseFiles( tr_info * inf, tr_benc * nam
     {
         char buf[4096];
 
+      if( path_is_suspicious( inf->name ) )
+         return TR_EINVALID;
+
         /* Single-file mode */
         inf->isMultifile = 0;
         inf->fileCount = 1;
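Review bot: The rejection at `path_is_suspicious( inf->name )` is silent, so a user whose torrent is refused, or an operator looking for traversal attempts, sees only `TR_EINVALID` with no record of the offending name. Logging the rejected name through the file's existing error-reporting helper before the `return` would make these rejections visible. A short comment above the check, such as `/* refuse names that could escape the download directory (CVE-2010-0012) */`, would also explain why it is there. The two added lines are indented 6 and 9 spaces against the surrounding 8, and `parseFiles()` starts and ends outside this hunk.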