openSUSE:Evergreen:11.2
transmission
transmission-CVE-2010-0012.patch
File transmission-CVE-2010-0012.patch of Package transmission
Index: /branches/1.7x/libtransmission/metainfo.c
===================================================================
--- /branches/1.7x/libtransmission/metainfo.c (revision 8889)
+++ /branches/1.7x/libtransmission/metainfo.c (revision 9829)
@@ -137,7 +137,12 @@
 static tr_bool
-getfile( char ** setme,
- const char * root,
- tr_benc * path )
+path_is_suspicious( const char * path )
+{
+ return ( path == NULL )
+ || ( strstr( path, "../" ) != NULL );
+}
+
+static tr_bool
+getfile( char ** setme, const char * root, tr_benc * path )
 {
 tr_bool success = FALSE;
@@ -145,7 +150,7 @@
 if( tr_bencIsList( path ) )
 {
+ int i;
+ const int n = tr_bencListSize( path );
 struct evbuffer * buf = evbuffer_new( );
- int n = tr_bencListSize( path );
- int i;
 evbuffer_add( buf, root, strlen( root ) );
@@ -153,6 +158,5 @@
 {
 const char * str;
- if( tr_bencGetStr( tr_bencListChild( path, i ), &str )
- && strcmp( str, ".." ) )
+ if( tr_bencGetStr( tr_bencListChild( path, i ), &str ) )
 {
 evbuffer_add( buf, TR_PATH_DELIMITER_STR, 1 );
@@ -167,4 +171,11 @@
 }
+ if( ( *setme != NULL ) && path_is_suspicious( *setme ) )
+ {
+ tr_free( *setme );
+ *setme = NULL;
+ success = FALSE;
+ }
+
 return success;
 }
@@ -212,4 +223,7 @@
 else if( tr_bencGetInt( length, &len ) ) /* single-file mode */
 {
+ if( path_is_suspicious( inf->name ) )
+ return "path";
+
 inf->isMultifile = 0;
 inf->fileCount = 1;
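Review bot: `path_is_suspicious()` in the first hunk matches only the substring `"../"`, so a path whose final component is `..` with nothing after it is not flagged, and the hunk at `@@ -153,6 +158,5 @@` removes the per-component `strcmp( str, ".." )` filter that previously dropped that component. The same helper is the only guard on `inf->name` in the single-file hunk at `@@ -212,4 +223,7 @@`, where a name of exactly `..` would pass. Testing for a trailing `..` component as well closes that gap. The hard-coded `/` also assumes it matches `TR_PATH_DELIMITER_STR`, whose definition is not shown on this page, so that is worth confirming for platforms with a different delimiter.

```c
static tr_bool
path_is_suspicious( const char * path )
{
    size_t len;

    if( ( path == NULL ) || ( strstr( path, "../" ) != NULL ) )
        return TRUE;

    /* a trailing ".." component is not followed by a delimiter */
    len = strlen( path );
    return ( len >= 2 )
        && !strcmp( path + len - 2, ".." )
        && ( ( len == 2 ) || ( path[len - 3] == '/' ) );
}
```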
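Review bot: The check added at `@@ -167,4 +171,11 @@` reads `*setme` even when the `tr_bencIsList( path )` branch did not run, so for a non-list `path` it inspects, and may `tr_free()`, a pointer this call never assigned. That is safe only if every caller passes a NULL-initialised slot, which cannot be confirmed from this page. Gating on the result ties the cleanup to the string built in this call: `if( success && ( *setme != NULL ) && path_is_suspicious( *setme ) )`. A short comment such as `/* reject paths containing "../" (CVE-2010-0012) */` would record why the string is discarded. getfile() begins before this hunk, so the assignment to `*setme` is not visible here.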