File security-fixes-cve-2017-14695-and-cve-2017-14696.patch of Package salt
From b6ca8e620bbc28b36d6353d3748c1cc5200b8d9a Mon Sep 17 00:00:00 2001 From: Erik Johnson <palehose@gmail.com> Date: Fri, 25 Aug 2017 14:15:58 -0500 Subject: [PATCH] Security fixes: CVE-2017-14695 and CVE-2017-14696 * Don't allow path separators in minion ID * Do not allow IDs with null bytes in decoded payloads --- salt/utils/verify.py | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/salt/utils/verify.py b/salt/utils/verify.py index e319385363..45581f02ce 100644 --- a/salt/utils/verify.py +++ b/salt/utils/verify.py @@ -481,15 +481,6 @@ def clean_path(root, path, subdir=False): return '' -def clean_id(id_): - ''' - Returns if the passed id is clean. - ''' - if re.search(r'\.\.\{sep}'.format(sep=os.sep), id_): - return False - return True - - def valid_id(opts, id_): ''' Returns if the passed id is valid @@ -497,7 +488,7 @@ def valid_id(opts, id_): try: if any(x in id_ for x in ('/', '\\', '\0')): return False - return bool(clean_path(opts['pki_dir'], id_)) and clean_id(id_) + return bool(clean_path(opts['pki_dir'], id_)) except (AttributeError, KeyError, TypeError): return False -- 2.17.1
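Review bot: the removal of `clean_id` in the first hunk (`@@ -481,15 +481,6 @@`) deletes a module-level helper from salt/utils/verify.py, and this diff touches no other file, so please confirm that nothing else in the tree imports or calls `clean_id` before this lands. The removed regex was built from `os.sep`, so it only matched `..` followed by the platform's own separator; the tuple check in `valid_id` covers both `/` and `\\` regardless of platform, which makes the helper redundant, and saying so in the commit message would help.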
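Review bot: the commit message does not match what the second hunk (`@@ -497,7 +488,7 @@`) changes in `valid_id`. The line `if any(x in id_ for x in ('/', '\\', '\0')):` is unchanged context here, so the path-separator and null-byte rejection named in the subject is not introduced by this patch; the only change is dropping `and clean_id(id_)` from the return (1 insertion, 10 deletions). Suggest rewording the message to say this is a cleanup on top of an existing check, and adding a unit test that asserts `valid_id` returns False for IDs containing `/`, `\\` and `\0`, since no test accompanies the change.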