After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 742331 - Directory traversal in gcab
Directory traversal in gcab
Status: RESOLVED FIXED
Product: msitools
Classification: Other
Component: tools
0.93
Other Linux
: Normal normal
: 1.0
Assigned To: msitools maintainer(s)
msitools maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2015-01-04 17:19 UTC by Stephen Kitt
Modified: 2015-01-05 23:11 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Avoid path traversal (1.22 KB, patch)
2015-01-05 06:28 UTC, Stephen Kitt
committed Details | Review

Description Stephen Kitt 2015-01-04 17:19:50 UTC
This is forwarded from https://bugs.debian.org/774580

gcab suffers from a directory traversal bug: it doesn't filter leading slashes from paths in CAB files.
Comment 1 Stephen Kitt 2015-01-05 06:28:56 UTC
Created attachment 293730 [details] [review]
Avoid path traversal

The attached patch fixes this, at the cost of ugly paths when faced with relative traversals. At least all the CAB's contents can be extracted, without overwriting anything outside the extraction path.
Comment 2 Marc-Andre Lureau 2015-01-05 09:54:53 UTC
Attachment 293730 [details] pushed as 0ccdf56 - Avoid path traversal
Comment 3 Marc-Andre Lureau 2015-01-05 09:55:12 UTC
thanks for the patch
Comment 4 Stephen Kitt 2015-01-05 23:11:04 UTC
This has been assigned CVE-2015-0552 (see https://security-tracker.debian.org/tracker/CVE-2015-0552 for more info along with links to the various security trackers).