Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 170109 Details for
Bug 244741
net-p2p/ktorrent <2.2.8 web interface plugin vulnerable to PHP injection (CVE-2008-{5905,5906})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ktorrent-2.2.7-upload.patch
ktorrent-2.2.7-upload.patch (text/plain), 826 bytes, created by
Robert Buchholz (RETIRED)
on 2008-10-28 15:00:07 UTC
(
hide
)
Description:
ktorrent-2.2.7-upload.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-10-28 15:00:07 UTC
Size:
826 bytes
patch
obsolete
>Index: ktorrent-2.2.7/plugins/webinterface/httpserver.cpp >=================================================================== >--- ktorrent-2.2.7.orig/plugins/webinterface/httpserver.cpp >+++ ktorrent-2.2.7/plugins/webinterface/httpserver.cpp >@@ -431,9 +431,17 @@ namespace kt > void HttpServer::handleTorrentPost(HttpClientHandler* hdlr,const QHttpRequestHeader & hdr,const QByteArray & data) > { > const char* ptr = data.data(); >- Uint32 len = data.size(); >+ int len = data.size(); > int pos = QString(data).find("\r\n\r\n"); > >+ if (!session.logged_in || !checkSession(hdr)) >+ { >+ // You can't post torrents if you are not logged in >+ // or the session is not OK >+ redirectToLoginPage(hdlr); >+ return; >+ } >+ > if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd') > { > HttpResponseHeader rhdr(500);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=170109">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 244741
:
170106
|
170108
| 170109 |
170111
