Summary: | The directory traversal fix is incomplete | ||
---|---|---|---|
Product: | [Applications] ktorrent | Reporter: | Deathwing00 <deathwing00> |
Component: | general | Assignee: | Joris Guisson <joris.guisson> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Deathwing00
2007-03-30 19:26:40 UTC
Downstream: https://bugs.gentoo.org/show_bug.cgi?id=170303 You are right, but other then .. in a path, I don't think you can get outside of the user specified directories. We always prepend the user selected location before the path, so even if it starts with / it will not be a problem. SVN commit 648419 by guisson: Fix directory traversal bug by making sure that path entries with .. and / in them are not allowed. BUG: 143637 M +2 -2 torrent.cpp --- trunk/extragear/network/ktorrent/libktorrent/torrent/torrent.cpp #648418:648419 @@ -164,9 +164,9 @@ throw Error(i18n("Corrupted torrent!")); QString sd = v->data().toString(encoding); - // check for weirdness like .. , + // check for weirdness like .. and / , // we don't want to write outside the user specified directories - if (sd != "..") + if (!sd.contains("/") && !sd.contains("..")) { path += sd; if (j + 1 < ln->getNumChildren()) Thank you. We'll add your patch downstream asap! :) There will be a new release tomorrow (we already had this planned), this will also contain the fix. In our CVS. Thanks for the release! |