diff options
Diffstat (limited to 'extra/kdeutils/CVE-2011-2725.patch')
| -rw-r--r-- | extra/kdeutils/CVE-2011-2725.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/extra/kdeutils/CVE-2011-2725.patch b/extra/kdeutils/CVE-2011-2725.patch new file mode 100644 index 000000000..986bebc90 --- /dev/null +++ b/extra/kdeutils/CVE-2011-2725.patch @@ -0,0 +1,20 @@ +--- a/part/part.cpp ++++ b/part/part.cpp +@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo + if (!job->error()) { + const ArchiveEntry& entry = + m_model->entryForIndex(m_view->selectionModel()->currentIndex()); +- const QString fullName = +- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString(); ++ ++ QString fullName = ++ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString(); ++ ++ // Make sure a maliciously crafted archive with parent folders named ".." do ++ // not cause the previewed file path to be located outside the temporary ++ // directory, resulting in a directory traversal issue. ++ fullName.remove(QLatin1String("../")); ++ + ArkViewer::view(fullName, widget()); + } else { + KMessageBox::error(widget(), job->errorString()); |