← Back to branch summary

~network-manager/network-manager/ubuntu.vivid

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2015-1322.patch

  • Committer: Mathieu Trudel-Lapierre
  • Date: 2015-04-28 19:49:51 UTC
  • Revision ID: mathieu.trudel-lapierre@canonical.com-20150428194951-tawtiaxd9k6ft9wf
Tags: 0.9.10.0-4ubuntu15.1
releasing package network-manager version 0.9.10.0-4ubuntu15.1

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2015-1322.patch
 
1
Description: fix directory traversal issue resulting in connection
 
2
 modification and possible arbitrary file disclosure
 
3
Author: Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com>
 
4
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1449245
 
5
 
 
6
Index: network-manager-0.9.10.0/src/settings/plugins/ofono/plugin.c
 
7
===================================================================
 
8
--- network-manager-0.9.10.0.orig/src/settings/plugins/ofono/plugin.c   2015-04-27 16:22:21.000000000 -0400
 
9
+++ network-manager-0.9.10.0/src/settings/plugins/ofono/plugin.c        2015-04-28 07:05:51.388669179 -0400
 
10
@@ -179,6 +179,9 @@
 
11
        GKeyFile *keyfile = NULL;
 
12
        GError *tmp_error = NULL;
 
13
 
 
14
+       if (g_strstr_len (imsi, -1, "/") != NULL)
 
15
+               goto patherror;
 
16
+
 
17
        imsi_path = g_strdup_printf (OFONO_CONFIG_DIR "/%s", imsi);
 
18
        imsi_dir = g_dir_open (imsi_path, 0, NULL);
 
19
 
 
20
@@ -246,6 +249,7 @@
 
21
                return TRUE;
 
22
        }
 
23
 
 
24
+patherror:
 
25
        if (tmp_error) {
 
26
                g_propagate_error (error, tmp_error);
 
27
                g_clear_error (&tmp_error);