components/desktop/rdesktop/patches/rdesktop-04-remote-file-access.patch
author Niveditha Rau <Niveditha.Rau@Oracle.COM>
Wed, 16 Nov 2016 18:51:09 -0800
changeset 7330 e40cd9caccc7
permissions -rw-r--r--
23245493 Move rdesktop 1.6.0 to Userland
Existing set of patches from the desktop gate.  Potentially send upstream
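--- rdesktop-1.6.0.orig/disk.c	2008-02-16 01:13:25.000000000 +0100
+++ rdesktop-1.6.0/disk.c	2011-06-13 18:29:54.232977906 +0200
@@ -356,6 +356,19 @@
 		filename[strlen(filename) - 1] = 0;
 	sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
 
+	/* Protect against mailicous servers:
+	   somelongpath/..     # not allowed
+	               /../b   # not allowed
+                      /..b    # currently not allowed
+                      /b..    # allowed
+                      /b..b   # allowed
+                      /b../c  # allowed
+        */
+        if (strstr(path, "/.."))
+        {
+            return RD_STATUS_ACCESS_DENIED;
+        }
+
 	switch (create_disposition)
 	{
 		case CREATE_ALWAYS: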
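Review bot: The added `strstr(path, "/..")` test is a substring match on the joined string, so it denies every request when the locally configured `local_path` itself contains `/..`, and it rejects harmless names such as `/..b`, which the comment itself marks as "currently not allowed". Matching only whole `..` components of the server-supplied `filename`, as sketched below, removes both false positives; the sketch assumes separators are already `/` at this point, as the existing check does. The check is also purely lexical, so a symlink inside the exported directory that points outside it is not caught; resolving the parent directory with `realpath()` and comparing its prefix against `local_path` would cover that. The unchanged `sprintf(path, "%s%s", ...)` above the check is unbounded, and since the declaration of `path` is outside the hunk, a bounded `snprintf` with a truncation check is worth confirming. The comment has a typo (`mailicous`), the new lines are indented with spaces where the surrounding code uses tabs, and the enclosing function starts and ends outside the hunk.

```c
	sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);

	/* Reject any ".." path component in the server-supplied name. */
	{
		const char *p = filename;

		while ((p = strstr(p, "..")) != NULL)
		{
			int at_start = (p == filename) || (p[-1] == '/');
			int at_end = (p[2] == '\0') || (p[2] == '/');

			if (at_start && at_end)
				return RD_STATUS_ACCESS_DENIED;
			p++;
		}
	}
	/* … unchanged: switch (create_disposition) … */
```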