File libsoup-CVE-2011-2524.patch of Package libsoup.477

Overview Repositories Revisions Requests Users Attributes Meta

File libsoup-CVE-2011-2524.patch of Package libsoup.477

From cbeeb7a0f7f0e8b16f2d382157496f9100218dea Mon Sep 17 00:00:00 2001
From: Dan Winship <danw@gnome.org>
Date: Wed, 29 Jun 2011 14:04:06 +0000
Subject: SoupServer: fix to not allow smuggling ".." into path

When SoupServer:raw-paths was set (the default), it was possible to
sneak ".." segments into the path passed to the SoupServerHandler,
which could then end up tricking some handlers into retrieving
arbitrary files from the filesystem. Fix that.

https://bugzilla.gnome.org/show_bug.cgi?id=653258
---
diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
index d56efd1..7225337 100644
--- a/libsoup/soup-server.c
+++ b/libsoup/soup-server.c
@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
 
 		uri = soup_message_get_uri (req);
 		decoded_path = soup_uri_decode (uri->path);
+
+		if (strstr (decoded_path, "/../") ||
+		    g_str_has_suffix (decoded_path, "/..")) {
+			/* Introducing new ".." segments is not allowed */
+			g_free (decoded_path);
+			soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
+			return;
+		}
+
 		soup_uri_set_path (uri, decoded_path);
 		g_free (decoded_path);
 	}
--
cgit v0.9

Places

File libsoup-CVE-2011-2524.patch of Package libsoup.477

Places