D15192: Fix path traversal issue when extracting an .okular file
Albert Astals Cid
noreply at phabricator.kde.org
Fri Aug 31 23:14:28 BST 2018
aacid created this revision.
Herald added a project: Okular.
Herald added a subscriber: okular-devel.
aacid requested review of this revision.
REVISION SUMMARY
With specially crafted .okular files you can trick okular to create temporary files outside the temporary folder
We fix that by making sure the file doesn't have folders since the ones we create don't
BUGS: 398096
REPOSITORY
R223 Okular
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D15192
AFFECTED FILES
core/document.cpp
To: aacid
Cc: okular-devel, ngraham, aacid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/okular-devel/attachments/20180831/39c90bb1/attachment.html>
More information about the Okular-devel
mailing list