Merge pull request #4578 from Hoshpak/kdelibs-cve-2016-6232

kdelibs: add security fix CVE-2016-6232.patch
This commit is contained in:
Toyam Cox 2016-08-08 20:59:50 -04:00 committed by GitHub
commit b155f7a75e
2 changed files with 33 additions and 1 deletions

View File

@ -0,0 +1,32 @@
--- kdecore/io/karchive.cpp
+++ kdecore/io/karchive.cpp
@@ -800,6 +800,7 @@
void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const
{
QDir root;
+ const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".."
QList<const KArchiveFile*> fileList;
QMap<qint64, QString> fileToDir;
@@ -809,10 +810,19 @@
QStack<QString> dirNameStack;
dirStack.push( this ); // init stack at current directory
- dirNameStack.push( dest ); // ... with given path
+ dirNameStack.push(destDir); // ... with given path
do {
const KArchiveDirectory* curDir = dirStack.pop();
- const QString curDirName = dirNameStack.pop();
+
+ // extract only to specified folder if it is located within archive's extraction folder
+ // otherwise put file under root position in extraction folder
+ QString curDirName = dirNameStack.pop();
+ if (!QDir(curDirName).absolutePath().startsWith(destDir)) {
+ qWarning() << "Attempted export into folder" << curDirName
+ << "which is outside of the extraction root folder" << destDir << "."
+ << "Changing export of contained files to extraction root folder.";
+ curDirName = destDir;
+ }
root.mkdir(curDirName);
const QStringList dirEntries = curDir->entries();

View File

@ -1,7 +1,7 @@
# Template file for 'kdelibs'
pkgname=kdelibs
version=4.14.3
revision=2
revision=3
short_desc="KDE core libraries"
maintainer="Juan RP <xtraeme@voidlinux.eu>"
license="GPL-2.0, LGPL-2.1, FDL"