mirror of
https://github.com/novatiq/packages.git
synced 2026-04-30 15:38:40 +01:00
Jonas Gorski
b7bcf24a00
Backport fixes for CVEs CVE-2018-14055 and CVE-2018-14056. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 5be22795dc7bc6362d67467b5e25c53dffba4df9 Mon Sep 17 00:00:00 2001
|
|
From: Alexey Sokolov <alexey+znc@asokolov.org>
|
|
Date: Sat, 14 Jul 2018 00:12:28 +0100
|
|
Subject: [PATCH 3/6] Don't let web skin name ../../../../ access files outside
|
|
of usual skins directories.
|
|
|
|
Thanks for Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
|
|
---
|
|
src/WebModules.cpp | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
--- a/src/WebModules.cpp
|
|
+++ b/src/WebModules.cpp
|
|
@@ -521,13 +521,15 @@ CWebSock::EPageReqResult CWebSock::Print
|
|
}
|
|
|
|
CString CWebSock::GetSkinPath(const CString& sSkinName) {
|
|
- CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkinName;
|
|
+ const CString sSkin = sSkinName.Replace_n("/", "_").Replace_n(".", "_");
|
|
+
|
|
+ CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkin;
|
|
|
|
if (!CFile::IsDir(sRet)) {
|
|
- sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkinName;
|
|
+ sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkin;
|
|
|
|
if (!CFile::IsDir(sRet)) {
|
|
- sRet = CString(_SKINDIR_) + "/" + sSkinName;
|
|
+ sRet = CString(_SKINDIR_) + "/" + sSkin;
|
|
}
|
|
}
|
|
|