summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'kde-apps/okular/files/okular-18.04.3-path-traversal-issue.patch')
-rw-r--r--kde-apps/okular/files/okular-18.04.3-path-traversal-issue.patch46
1 files changed, 0 insertions, 46 deletions
diff --git a/kde-apps/okular/files/okular-18.04.3-path-traversal-issue.patch b/kde-apps/okular/files/okular-18.04.3-path-traversal-issue.patch
deleted file mode 100644
index 216f235d8646..000000000000
--- a/kde-apps/okular/files/okular-18.04.3-path-traversal-issue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 8ff7abc14d41906ad978b6bc67e69693863b9d47 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Mon, 3 Sep 2018 21:14:30 +0200
-Subject: Fix path traversal issue when extracting an .okular file
-
-Summary:
-With specially crafted .okular files you can trick okular to create temporary files outside the temporary folder
-
-We fix that by making sure the file doesn't have folders since the ones we create don't
-
-BUGS: 398096
-
-Subscribers: okular-devel
-
-Tags: #okular
-
-Differential Revision: https://phabricator.kde.org/D15192
----
- core/document.cpp | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/core/document.cpp b/core/document.cpp
-index 5e3c169..7d46173 100644
---- a/core/document.cpp
-+++ b/core/document.cpp
-@@ -4819,6 +4819,18 @@ ArchiveData *DocumentPrivate::unpackDocumentArchive( const QString &archivePath
- return nullptr;
-
- const KArchiveDirectory * mainDir = okularArchive.directory();
-+
-+ // Check the archive doesn't have folders, we don't create them when saving the archive
-+ // and folders mean paths and paths mean path traversal issues
-+ for ( const QString &entry : mainDir->entries() )
-+ {
-+ if ( mainDir->entry( entry )->isDirectory() )
-+ {
-+ qWarning() << "Warning: Found a directory inside" << archivePath << " - Okular does not create files like that so it is most probably forged.";
-+ return nullptr;
-+ }
-+ }
-+
- const KArchiveEntry * mainEntry = mainDir->entry( QStringLiteral("content.xml") );
- if ( !mainEntry || !mainEntry->isFile() )
- return nullptr;
---
-cgit v0.11.2