[kdenetwork-filesharing] [Bug 432757] kdenetwork-filesharing: AuthHelper does not sanitize command-line arguments
Harald Sitter
bugzilla_noreply at kde.org
Mon Mar 8 10:36:35 GMT 2021
https://bugs.kde.org/show_bug.cgi?id=432757
Harald Sitter <sitter at kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
Latest Commit| |https://invent.kde.org/netw
| |ork/kdenetwork-filesharing/
| |commit/19f000d8f9348f53e33a
| |40a8723e9bbe09474be6
Version Fixed In| |20.12.3
--- Comment #3 from Harald Sitter <sitter at kde.org> ---
Git commit 19f000d8f9348f53e33a40a8723e9bbe09474be6 by Harald Sitter.
Committed on 08/03/2021 at 10:36.
Pushed by sitter into branch 'release/20.12'.
run input user/group names through input validation
to harden against abuse we'll match them against a regex that should
only match what could possibly be a valid user or group name.
thanks to Wolfgang Frisch and SUSE for the suggestion
FIXED-IN: 20.12.3
M +12 -4 samba/filepropertiesplugin/authhelper.cpp
https://invent.kde.org/network/kdenetwork-filesharing/commit/19f000d8f9348f53e33a40a8723e9bbe09474be6
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the kfm-devel
mailing list