[rdesktop/f13] Prevent remote file access (CVE-2011-1595)

Kalev Lember kalev at fedoraproject.org
Mon May 30 06:49:06 UTC 2011 

commit a4a4221114b4274456c8c3b8234296ad3a4a9b39
Author: Kalev Lember <kalev at smartlink.ee>
Date:   Mon May 30 09:28:55 2011 +0300

    Prevent remote file access (CVE-2011-1595)
    
    Patch taken from:
    https://bugzilla.redhat.com/attachment.cgi?id=492845

 rdesktop-CVE-2011-1595.patch |   24 ++++++++++++++++++++++++
 rdesktop.spec                |    7 ++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/rdesktop-CVE-2011-1595.patch b/rdesktop-CVE-2011-1595.patch
new file mode 100644
index 0000000..b83d68c
--- /dev/null
+++ b/rdesktop-CVE-2011-1595.patch
@@ -0,0 +1,24 @@
+Index: disk.c
+===================================================================
+--- disk.c	(revision 1620)
++++ disk.c	(arbetskopia)
+@@ -356,6 +356,19 @@
+ 		filename[strlen(filename) - 1] = 0;
+ 	sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
+ 
++	/* Protect against mailicous servers:
++	   somelongpath/..     not allowed
++	   somelongpath/../b   not allowed
++	   somelongpath/..b    in principle ok, but currently not allowed
++	   somelongpath/b..    ok
++	   somelongpath/b..b   ok
++	   somelongpath/b../c  ok
++	 */
++	if (strstr(path, "/.."))
++	{
++		return RD_STATUS_ACCESS_DENIED;
++	}
++
+ 	switch (create_disposition)
+ 	{
+ 		case CREATE_ALWAYS:
diff --git a/rdesktop.spec b/rdesktop.spec
index 9aad1a0..04a041c 100644
--- a/rdesktop.spec
+++ b/rdesktop.spec
@@ -1,12 +1,13 @@
 Name:           rdesktop
 Version:        1.6.0
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        X client for remote desktop into Windows Terminal Server
 
 Group:          User Interface/Desktops
 License:        GPLv2+
 URL:            http://www.rdesktop.org/
 Source0:        http://downloads.sourceforge.net/rdesktop/%{name}-%{version}.tar.gz
+Patch0:         %{name}-CVE-2011-1595.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libao-devel
 BuildRequires:  libX11-devel
@@ -21,6 +22,7 @@ desktop. Unlike Citrix ICA, no server extensions are required.
 
 %prep
 %setup -q
+%patch0 -p0 -b .CVE-2011-1595
 
 %build
 %configure --with-ipv6 --enable-smartcard --with-sound=libao
@@ -41,6 +43,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/*
 
 %changelog
+* Mon May 30 2011 Kalev Lember <kalev at smartlink.ee> - 1.6.0-10
+- Prevent remote file access (CVE-2011-1595)
+
 * Sat Nov 20 2010 Dominik Mierzejewski <rpm at greysector.net> - 1.6.0-9
 - add libao support (supports ALSA and PulseAudio, should fix bugs
   #503431 and #577878)

More information about the scm-commits mailing list