Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch')
-rw-r--r--kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch53
1 files changed, 0 insertions, 53 deletions
diff --git a/kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch b/kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch
deleted file mode 100644
index d41b4f9c56f8..000000000000
--- a/kde-apps/libktnef/files/libktnef-16.12.2-directory-traversal.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-commit 4ff38aa15487d69021aacad4b078500f77fb4ae8
-Author: Albert Astals Cid <aacid@kde.org>
-Date: Mon Feb 27 19:03:49 2017 +0100
-
- Fix Directory Traversal problem in ktnef
-
- Reported by Eric Sesterhenn
-
- Patch reviewed by Laurent Montel
-
- CCMAIL: eric.sesterhenn@x41-dsec.de
-
-diff --git a/src/ktnefparser.cpp b/src/ktnefparser.cpp
-index ce40e40..0678003 100644
---- a/src/ktnefparser.cpp
-+++ b/src/ktnefparser.cpp
-@@ -41,7 +41,9 @@
-
- #include <QtCore/QDateTime>
- #include <QtCore/QDataStream>
-+#include <QtCore/QDir>
- #include <QtCore/QFile>
-+#include <QtCore/QFileInfo>
- #include <QtCore/QVariant>
- #include <QtCore/QList>
-
-@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile(const QString &filename) const
- bool KTNEFParser::ParserPrivate::extractAttachmentTo(KTNEFAttach *att,
- const QString &dirname)
- {
-- QString filename = dirname + QLatin1Char('/');
-+ const QString destDir(QDir(dirname).absolutePath()); // get directory path without any "." or ".."
-+
-+ QString filename = destDir + QLatin1Char('/');
- if (!att->fileName().isEmpty()) {
- filename += att->fileName();
- } else {
-@@ -462,6 +466,15 @@ bool KTNEFParser::ParserPrivate::extractAttachmentTo(KTNEFAttach *att,
- if (!device_->seek(att->offset())) {
- return false;
- }
-+
-+ const QFileInfo fi(filename);
-+ if (!fi.absoluteFilePath().startsWith(destDir)) {
-+ qWarning() << "Attempted extract into" << fi.absoluteFilePath()
-+ << "which is outside of the extraction root folder" << destDir << "."
-+ << "Changing export of contained files to extraction root folder.";
-+ filename = destDir + QLatin1Char('/') + fi.fileName();
-+ }
-+
- QSaveFile outfile(filename);
- if (!outfile.open(QIODevice::WriteOnly)) {
- return false;