svn commit: r428653 - in head/devel/simgear: . files
Ganael LAPLANCHE
martymac at FreeBSD.org
Fri Dec 16 08:33:16 UTC 2016
Author: martymac
Date: Fri Dec 16 08:33:14 2016
New Revision: 428653
URL: https://svnweb.freebsd.org/changeset/ports/428653
Log:
Backport security fix a2b111b
Avoids a malicious repository writing to files outside the local storage root
Reported by: "Rebecca N. Palmer" <rebecca_palmer at zoho.com>
Security: https://sourceforge.net/p/flightgear/simgear/ci/a2b111bb09485769d75addf563cb6e44be6655b3/
Added:
head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx (contents, props changed)
Modified:
head/devel/simgear/Makefile
Modified: head/devel/simgear/Makefile
==============================================================================
--- head/devel/simgear/Makefile Fri Dec 16 08:33:08 2016 (r428652)
+++ head/devel/simgear/Makefile Fri Dec 16 08:33:14 2016 (r428653)
@@ -2,6 +2,7 @@
PORTNAME= simgear
PORTVERSION= 2016.4.3
+PORTREVISION= 1
CATEGORIES= devel games
MASTER_SITES= SF/flightgear/release-${PORTVERSION:R}
Added: head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx Fri Dec 16 08:33:14 2016 (r428653)
@@ -0,0 +1,28 @@
+commit a2b111bb09485769d75addf563cb6e44be6655b3
+Author: James Turner <zakalawe at mac.com>
+Date: Wed Dec 14 09:41:44 2016 +0000
+
+ Bugfix: reject dubious paths in HTTP repos.
+
+ This avoids a malicious repository writing to files outside the local
+ storage root.
+
+diff --git simgear/io/HTTPRepository.cxx simgear/io/HTTPRepository.cxx
+index 1c95f278..b0335783 100644
+--- simgear/io/HTTPRepository.cxx
++++ simgear/io/HTTPRepository.cxx
+@@ -503,6 +503,14 @@ private:
+ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" );
+ continue;
+ }
++
++ // security: prevent writing outside the repository via ../../.. filenames
++ // (valid filenames never contain / - subdirectories have their own .dirindex)
++ if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) {
++ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" );
++ continue;
++ }
++
+ children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2]));
+
+ if (tokens.size() > 3) {
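Review bot: the new filename check at `if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos))` rejects `..` and any path separator but still accepts `.` (and an empty name, if the tokenizer can produce one); neither escapes the storage root, but a `.` child would alias the directory being indexed and yield a self-referential ChildInfo, so consider extending the condition to `tokens[1].empty() || tokens[1] == "." || tokens[1] == ".."` and logging it under the same "invalid filename" warning. The backslash is correctly included alongside `/` since the repository is synced on Windows hosts too, and placing the check before `children.push_back(...)` is the right spot, as nothing downstream needs to re-validate.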