void-packages/srcpkgs/kdelibs/patches/CVE-2016-6232.patch

33 lines
1.3 KiB
Diff

--- kdecore/io/karchive.cpp
+++ kdecore/io/karchive.cpp
@@ -800,6 +800,7 @@
void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const
{
QDir root;
+ const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".."
QList<const KArchiveFile*> fileList;
QMap<qint64, QString> fileToDir;
@@ -809,10 +810,19 @@
QStack<QString> dirNameStack;
dirStack.push( this ); // init stack at current directory
- dirNameStack.push( dest ); // ... with given path
+ dirNameStack.push(destDir); // ... with given path
do {
const KArchiveDirectory* curDir = dirStack.pop();
- const QString curDirName = dirNameStack.pop();
+
+ // extract only to specified folder if it is located within archive's extraction folder
+ // otherwise put file under root position in extraction folder
+ QString curDirName = dirNameStack.pop();
+ if (!QDir(curDirName).absolutePath().startsWith(destDir)) {
+ qWarning() << "Attempted export into folder" << curDirName
+ << "which is outside of the extraction root folder" << destDir << "."
+ << "Changing export of contained files to extraction root folder.";
+ curDirName = destDir;
+ }
root.mkdir(curDirName);
const QStringList dirEntries = curDir->entries();