openSUSE:Evergreen:11.4
File libsoup-CVE-2011-2524.patch of Package libsoup.477
From cbeeb7a0f7f0e8b16f2d382157496f9100218dea Mon Sep 17 00:00:00 2001 From: Dan Winship <danw@gnome.org> Date: Wed, 29 Jun 2011 14:04:06 +0000 Subject: SoupServer: fix to not allow smuggling ".." into path When SoupServer:raw-paths was set (the default), it was possible to sneak ".." segments into the path passed to the SoupServerHandler, which could then end up tricking some handlers into retrieving arbitrary files from the filesystem. Fix that. https://bugzilla.gnome.org/show_bug.cgi?id=653258 --- diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c index d56efd1..7225337 100644 --- a/libsoup/soup-server.c +++ b/libsoup/soup-server.c @@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client) uri = soup_message_get_uri (req); decoded_path = soup_uri_decode (uri->path); + + if (strstr (decoded_path, "/../") || + g_str_has_suffix (decoded_path, "/..")) { + /* Introducing new ".." segments is not allowed */ + g_free (decoded_path); + soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST); + return; + } + soup_uri_set_path (uri, decoded_path); g_free (decoded_path); } -- cgit v0.9
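Review bot: the comment in the block added to got_headers() says `Introducing new ".." segments is not allowed`, but the condition tests decoded_path as a whole and never compares it with uri->path, so it relies on an assumption, not visible in this hunk, that uri->path contains no ".." segments before soup_uri_decode() runs. Stating that assumption in the comment (or wording it as "decoded path must not contain '..' segments") would make the intent match the code. The diff also touches only libsoup/soup-server.c; a regression test asserting SOUP_STATUS_BAD_REQUEST for a request whose decoded path contains "/../" or ends in "/.." would keep this check from being lost in a later refactor of the raw-paths handling.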