Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 59552 Details for
Bug 93054
app-cdr/[xbiso|extract-xiso|xdvdfs-tools]: directory traversal when extracting xbox-images
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
xdvdfs-tools-2.1-fnamefix.patch
xdvdfs-tools-2.1-fnamefix.patch (text/plain), 677 bytes, created by
Chris Bainbridge (RETIRED)
on 2005-05-22 09:22:36 UTC
(
hide
)
Description:
xdvdfs-tools-2.1-fnamefix.patch
Filename:
MIME Type:
Creator:
Chris Bainbridge (RETIRED)
Created:
2005-05-22 09:22:36 UTC
Size:
677 bytes
patch
obsolete
>--- XDVDFS_Tools.orig/src/xdvdfs/xdvdfs.c 2003-08-15 23:26:58.000000000 +0000 >+++ XDVDFS_Tools/src/xdvdfs/xdvdfs.c 2005-05-21 12:13:55.655839216 +0000 >@@ -157,6 +157,14 @@ > memcpy(SearchRecord->Filename, Entry->Filename, Entry->FilenameLength); > SearchRecord->Filename[Entry->FilenameLength] = 0; > >+ if (strstr(SearchRecord->Filename,"..") || >+ strchr(SearchRecord->Filename, '/') || >+ strchr(SearchRecord->Filename, '\\')) >+ { >+ printf("Filename contains invalid characters\n"); >+ exit(1); >+ } >+ > // Copy file parameters in the search_rec > SearchRecord->Attributes = Entry->FileAttributes; > SearchRecord->FileSize = ENDIAN_SAFE32(Entry->FileSize);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=59552">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 93054
: 59552
