Fix a security hole that caused some SoupServer users to unintentionally
allow accessing the entire local filesystem when they thought they were only providing access to a single directory. Security: 30cb4522-b94d-11e0-8182-485d60cb5385
This commit is contained in:
parent
53ec1b8528
commit
ddf70a3e70
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=278499
2 changed files with 35 additions and 1 deletions
@ -8,7 +8,7 @@
PORTNAME= libsoup
PORTVERSION= 2.32.2
PORTREVISION?= 2
PORTREVISION?= 3
CATEGORIES= devel gnome
MASTER_SITES= GNOME
DIST_SUBDIR= gnome2
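--- a/devel/libsoup/files/patch-libsoup_soup-server.c
+++ b/devel/libsoup/files/patch-libsoup_soup-server.c
@@ -0,0 +1,34 @@
+From 51eb8798c3965b49f3010db82009d36429f28514 Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw@gnome.org>
+Date: Wed, 29 Jun 2011 14:04:06 +0000
+Subject: SoupServer: fix to not allow smuggling ".." into path
+
+When SoupServer:raw-paths was set (the default), it was possible to
+sneak ".." segments into the path passed to the SoupServerHandler,
+which could then end up tricking some handlers into retrieving
+arbitrary files from the filesystem. Fix that.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=653258
+---
+diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
+index d56efd1..7225337 100644
+--- libsoup/soup-server.c
++++ libsoup/soup-server.c
+@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
+
+uri = soup_message_get_uri (req);
+decoded_path = soup_uri_decode (uri->path);
++
++ if (strstr (decoded_path, "/../") ||
++ g_str_has_suffix (decoded_path, "/..")) {
++ /* Introducing new ".." segments is not allowed */
++ g_free (decoded_path);
++ soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
++ return;
++ }
++
+soup_uri_set_path (uri, decoded_path);
+g_free (decoded_path);
+}
+--
+cgit v0.9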
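Review bot: The new `strstr (decoded_path, "/../")` test dereferences decoded_path with no NULL check; if soup_uri_decode can return NULL for a malformed percent-encoded path (later libsoup releases report invalid encodings that way — worth confirming for 2.32), such a request would crash the server instead of being rejected, and the pre-existing soup_uri_set_path call after the guard has the same exposure. Folding the check into the new condition keeps the rejection path uniform: `if (!decoded_path || strstr (decoded_path, "/../") ||` followed by the unchanged `g_str_has_suffix (decoded_path, "/..")) {`; g_free on NULL is a no-op, so the cleanup line stays as is. The match is purely textual, so a path with no leading slash (`..` alone, or `../x`) would not be caught — presumably unreachable because request-line paths are absolute, but a comment recording that assumption next to the guard, e.g. `/* uri->path is always absolute here, so "/.." covers every parent segment */`, would make the guard's coverage explicit. got_headers starts and ends outside the hunk.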