Review Request 122733: Fix path traversal checks in KPackage

Alex Richardson arichardson.kde at gmail.com
Tue Mar 3 17:53:46 UTC 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/122733/
-----------------------------------------------------------

(Updated March 3, 2015, 5:53 p.m.)


Status
------

This change has been marked as submitted.


Review request for KDE Frameworks, Plasma and Marco Martin.


Repository: kpackage


Description
-------

They did not canonicalize the package base directory path so it would
always fail when the package base path contained symlinks


Diffs
-----

  src/kpackage/package.cpp eb4a09b987970e89f28587426b21d63731634087 
  src/kpackage/private/package_p.h e451412fa02c88113aa4c7bbca2dcda3432b2b02 

Diff: https://git.reviewboard.kde.org/r/122733/diff/


Testing
-------

Files inside the package are now found although the install location contains a symlink


Thanks,

Alex Richardson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20150303/ce4a93b1/attachment-0001.html>


More information about the Kde-frameworks-devel mailing list