diff options
author | Peter Korsgaard <jacmet@sunsite.dk> | 2012-03-01 14:05:41 +0100 |
---|---|---|
committer | Peter Korsgaard <jacmet@sunsite.dk> | 2012-03-01 14:05:41 +0100 |
commit | 7a58ed7317573f23da2e2ad822003705db85a58f (patch) | |
tree | a8ff3dd8f4c40c5d875cc884e79cb5a04e92540b /package/libsoup/libsoup-CVE-2011-2054.patch | |
parent | 9fc43591447c8c8c61843f1f537660855b6d049b (diff) | |
parent | 97165f123bd67b8d1a9a0a3bb41f2c4b8475156d (diff) | |
download | buildroot-novena-7a58ed7317573f23da2e2ad822003705db85a58f.tar.gz buildroot-novena-7a58ed7317573f23da2e2ad822003705db85a58f.zip |
Merge branch 'next'
Diffstat (limited to 'package/libsoup/libsoup-CVE-2011-2054.patch')
-rw-r--r-- | package/libsoup/libsoup-CVE-2011-2054.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/package/libsoup/libsoup-CVE-2011-2054.patch b/package/libsoup/libsoup-CVE-2011-2054.patch deleted file mode 100644 index 0dc5eccf9..000000000 --- a/package/libsoup/libsoup-CVE-2011-2054.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4617b6ef6dd21931a0153070c5b5ff7ef21b46f8 Mon Sep 17 00:00:00 2001 -From: Dan Winship <danw@gnome.org> -Date: Wed, 29 Jun 2011 10:04:06 -0400 -Subject: [PATCH] SoupServer: fix to not allow smuggling ".." into path - -When SoupServer:raw-paths was set (the default), it was possible to -sneak ".." segments into the path passed to the SoupServerHandler, -which could then end up tricking some handlers into retrieving -arbitrary files from the filesystem. Fix that. - -https://bugzilla.gnome.org/show_bug.cgi?id=653258 - -diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c -index d56efd1..7225337 100644 ---- a/libsoup/soup-server.c -+++ b/libsoup/soup-server.c -@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client) - - uri = soup_message_get_uri (req); - decoded_path = soup_uri_decode (uri->path); -+ -+ if (strstr (decoded_path, "/../") || -+ g_str_has_suffix (decoded_path, "/..")) { -+ /* Introducing new ".." segments is not allowed */ -+ g_free (decoded_path); -+ soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST); -+ return; -+ } -+ - soup_uri_set_path (uri, decoded_path); - g_free (decoded_path); - } |