aboutsummaryrefslogtreecommitdiff
path: root/system/arj/patches/security-traversal-dir.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/arj/patches/security-traversal-dir.patch')
-rw-r--r--system/arj/patches/security-traversal-dir.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/system/arj/patches/security-traversal-dir.patch b/system/arj/patches/security-traversal-dir.patch
new file mode 100644
index 0000000000000..02d955c805310
--- /dev/null
+++ b/system/arj/patches/security-traversal-dir.patch
@@ -0,0 +1,33 @@
+Description: Fix absolute path traversals.
+ Catch multiple leading slashes when checking for absolute path traversals.
+ .
+ Fixes CVE-2015-0557.
+Author: Guillem Jover <guillem@debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774435
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ environ.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/environ.c
++++ b/environ.c
+@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
+ if(action!=VALIDATE_DRIVESPEC)
+ {
+ #endif
++ while (name[0]!='\0'&&
++ (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
+ if(name[0]=='.')
+ {
+ if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
+@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
+ }
+ if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
+ name++; /* "\\" - revert to root */
++ }
+ #if SFX_LEVEL>=ARJSFXV
+ }
+ }