[rdesktop/f13] Prevent remote file access (CVE-2011-1595)
Kalev Lember
kalev at fedoraproject.org
Mon May 30 06:49:06 UTC 2011
commit a4a4221114b4274456c8c3b8234296ad3a4a9b39
Author: Kalev Lember <kalev at smartlink.ee>
Date: Mon May 30 09:28:55 2011 +0300
Prevent remote file access (CVE-2011-1595)
Patch taken from:
https://bugzilla.redhat.com/attachment.cgi?id=492845
rdesktop-CVE-2011-1595.patch | 24 ++++++++++++++++++++++++
rdesktop.spec | 7 ++++++-
2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/rdesktop-CVE-2011-1595.patch b/rdesktop-CVE-2011-1595.patch
new file mode 100644
index 0000000..b83d68c
--- /dev/null
+++ b/rdesktop-CVE-2011-1595.patch
@@ -0,0 +1,24 @@
+Index: disk.c
+===================================================================
+--- disk.c (revision 1620)
++++ disk.c (arbetskopia)
+@@ -356,6 +356,19 @@
+ filename[strlen(filename) - 1] = 0;
+ sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
+
++ /* Protect against mailicous servers:
++ somelongpath/.. not allowed
++ somelongpath/../b not allowed
++ somelongpath/..b in principle ok, but currently not allowed
++ somelongpath/b.. ok
++ somelongpath/b..b ok
++ somelongpath/b../c ok
++ */
++ if (strstr(path, "/.."))
++ {
++ return RD_STATUS_ACCESS_DENIED;
++ }
++
+ switch (create_disposition)
+ {
+ case CREATE_ALWAYS:
diff --git a/rdesktop.spec b/rdesktop.spec
index 9aad1a0..04a041c 100644
--- a/rdesktop.spec
+++ b/rdesktop.spec
@@ -1,12 +1,13 @@
Name: rdesktop
Version: 1.6.0
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: X client for remote desktop into Windows Terminal Server
Group: User Interface/Desktops
License: GPLv2+
URL: http://www.rdesktop.org/
Source0: http://downloads.sourceforge.net/rdesktop/%{name}-%{version}.tar.gz
+Patch0: %{name}-CVE-2011-1595.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libao-devel
BuildRequires: libX11-devel
@@ -21,6 +22,7 @@ desktop. Unlike Citrix ICA, no server extensions are required.
%prep
%setup -q
+%patch0 -p0 -b .CVE-2011-1595
%build
%configure --with-ipv6 --enable-smartcard --with-sound=libao
@@ -41,6 +43,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/*
%changelog
+* Mon May 30 2011 Kalev Lember <kalev at smartlink.ee> - 1.6.0-10
+- Prevent remote file access (CVE-2011-1595)
+
* Sat Nov 20 2010 Dominik Mierzejewski <rpm at greysector.net> - 1.6.0-9
- add libao support (supports ALSA and PulseAudio, should fix bugs
#503431 and #577878)
More information about the scm-commits
mailing list