summaryrefslogtreecommitdiff
path: root/patches/source/rdesktop/rdesktop.CVE-2011-1595.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/rdesktop/rdesktop.CVE-2011-1595.diff')
-rw-r--r--patches/source/rdesktop/rdesktop.CVE-2011-1595.diff22
1 files changed, 22 insertions, 0 deletions
diff --git a/patches/source/rdesktop/rdesktop.CVE-2011-1595.diff b/patches/source/rdesktop/rdesktop.CVE-2011-1595.diff
new file mode 100644
index 00000000..0db8c3bc
--- /dev/null
+++ b/patches/source/rdesktop/rdesktop.CVE-2011-1595.diff
@@ -0,0 +1,22 @@
+--- ./disk.c.orig 2008-02-15 18:13:25.000000000 -0600
++++ ./disk.c 2011-04-20 20:27:55.978000772 -0500
+@@ -356,6 +356,19 @@
+ filename[strlen(filename) - 1] = 0;
+ sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
+
++ /* Protect against mailicous servers:
++ somelongpath/.. not allowed
++ somelongpath/../b not allowed
++ somelongpath/..b in principle ok, but currently not allowed
++ somelongpath/b.. ok
++ somelongpath/b..b ok
++ somelongpath/b../c ok
++ */
++ if (strstr(path, "/.."))
++ {
++ return RD_STATUS_ACCESS_DENIED;
++ }
++
+ switch (create_disposition)
+ {
+ case CREATE_ALWAYS: