Review Request 122733: Fix path traversal checks in KPackage
Hrvoje Senjan
hrvoje.senjan at gmail.com
Wed Mar 4 19:23:10 UTC 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/122733/#review77011
-----------------------------------------------------------
this has broken wallpaper loading here...
there's loads of Attempting to read file from invalid package! file type: "metadata" file name: "" package path: "/usr/share/wallpapers/Aghi/" ...
warnings...
- Hrvoje Senjan
On March 3, 2015, 6:53 p.m., Alex Richardson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/122733/
> -----------------------------------------------------------
>
> (Updated March 3, 2015, 6:53 p.m.)
>
>
> Review request for KDE Frameworks, Plasma and Marco Martin.
>
>
> Repository: kpackage
>
>
> Description
> -------
>
> They did not canonicalize the package base directory path so it would
> always fail when the package base path contained symlinks
>
>
> Diffs
> -----
>
> src/kpackage/package.cpp eb4a09b987970e89f28587426b21d63731634087
> src/kpackage/private/package_p.h e451412fa02c88113aa4c7bbca2dcda3432b2b02
>
> Diff: https://git.reviewboard.kde.org/r/122733/diff/
>
>
> Testing
> -------
>
> Files inside the package are now found although the install location contains a symlink
>
>
> Thanks,
>
> Alex Richardson
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20150304/ec632a38/attachment.html>
More information about the Plasma-devel
mailing list