author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-03-13 10:04:12 +0000 |
---|---|---|
committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-03-13 10:04:12 +0000 |
commit | a3159758806eaf63a66a73938d535f8ec7a93358 (patch) | |
tree | ebd39ca31d1c2a42ca1c2e407e5f3b171090a8b5 | |
parent | 99c6adc8ee3eca3e08137ae40e1c362c0cfd3d6a (diff) | |
MFH: r435960
Patch a directory traversal vulnerability in the KTNEF parser.
Backported from
https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8
Security announcement:
https://www.kde.org/info/security/advisory-20170227-1.txt
Security: e550fc62-069a-11e7-8e3e-5453ed2e2b49
Approved by: ports-secteam (junovitch)
Notes
Notes:
svn path=/branches/2017Q1/; revision=436049
-rw-r--r-- | deskutils/kdepimlibs4/Makefile | 2 | ||||
-rw-r--r-- | deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp | 38 |
2 files changed, 39 insertions, 1 deletions
diff --git a/deskutils/kdepimlibs4/Makefile b/deskutils/kdepimlibs4/Makefile
index 3d3ed829ab06..6ad9b93b7626 100644
--- a/deskutils/kdepimlibs4/Makefile
+++ b/deskutils/kdepimlibs4/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= kdepimlibs
 PORTVERSION= ${KDE4_KDELIBS_VERSION}
-PORTREVISION= 6
+PORTREVISION= 7
 CATEGORIES= deskutils kde
 MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src
 DIST_SUBDIR= KDE/${PORTVERSION}
diff --git a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
new file mode 100644
index 000000000000..29f035a3c9fc
--- /dev/null
+++ b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
@@ -0,0 +1,38 @@
+Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
+--- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC
++++ ktnef/ktnefparser.cpp
+@@ -40,7 +40,9 @@
+
+ #include <QtCore/QDateTime>
+ #include <QtCore/QDataStream>
++#include <QtCore/QDir>
+ #include <QtCore/QFile>
++#include <QtCore/QFileInfo>
+ #include <QtCore/QVariant>
+ #include <QtCore/QList>
+
+@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
+ bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
+ const QString &dirname )
+ {
+- QString filename = dirname + '/';
++ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
++
++ QString filename = destDir + '/';
+ if ( !att->fileName().isEmpty()) {
+ filename += att->fileName();
+ } else {
+@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
+ if ( !device_->seek( att->offset() ) ) {
+ return false;
+ }
++ const QFileInfo fi( filename );
++ if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
++ kWarning() << "Attempted extract into" << fi.absoluteFilePath()
++ << "which is outside of the extraction root folder" << destDir << "."
++ << "Changing export of contained files to extraction root folder.";
++ filename = destDir + QLatin1Char( '/' ) + fi.fileName();
++ }
+ KSaveFile outfile( filename );
+ if ( !outfile.open() ) {
+ return false; |
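Review bot: The containment test `fi.absoluteFilePath().startsWith( destDir )` in the last hunk of the embedded patch compares string prefixes without a trailing separator, so a resolved path in a sibling directory whose name merely begins with destDir's text would still be accepted as inside the extraction root. The test also relies on `absoluteFilePath()` collapsing `..` segments, which the Qt documentation describes as not guaranteed, and it does not resolve symbolic links that may already exist under destDir. I would make both assumptions explicit with `if ( !QDir::cleanPath( fi.absoluteFilePath() ).startsWith( destDir + QLatin1Char( '/' ) ) ) {`, and note the symlink limitation in a comment above the check. The body of extractAttachmentTo begins in the previous hunk and continues past the end of this one, so the later write path is not visible here.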