Differential D15192

Fix path traversal issue when extracting an .okular file
ClosedPublic
Actions

Authored by aacid on Aug 31 2018, 10:14 PM.

Details

Reviewers
None
Commits
R223:8ff7abc14d41: Fix path traversal issue when extracting an .okular file
Summary

With specially crafted .okular files you can trick okular to create temporary files outside the temporary folder

We fix that by making sure the file doesn't have folders since the ones we create don't

BUGS: 398096

Diff Detail

Repository
R223 Okular
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
aacid created this revision.Aug 31 2018, 10:14 PM
Restricted Application added a project: Okular. · View Herald TranscriptAug 31 2018, 10:14 PM
Restricted Application added a subscriber: okular-devel. · View Herald Transcript
aacid requested review of this revision.Aug 31 2018, 10:14 PM
aacid added a comment.Sep 1 2018, 8:51 PM

This is pretty important since it's half a security issue, so unless someone strongly disagrees i'll commit it on Monday on time for the KDE Applications 18.08.1 release

This revision was not accepted when it landed; it landed in state Needs Review.Sep 3 2018, 7:16 PM
Closed by commit R223:8ff7abc14d41: Fix path traversal issue when extracting an .okular file (authored by aacid). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathPackages
Mcore/document.cpp (12 lines)

Diff 40933

View Options

core/document.cpp

Loading...