Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
accountsservice
CVE-2018-14036.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-14036.patch of Package accountsservice
diff --git a/src/user.c b/src/user.c index 0fb1a17..d2300a7 100644 --- a/src/user.c +++ b/src/user.c @@ -1390,6 +1390,14 @@ user_change_icon_file_authorized_cb (Daemon *daemon, } file = g_file_new_for_path (filename); + g_clear_pointer (&filename, g_free); + + /* Canonicalize path so we can call g_str_has_prefix on it + * below without concern for ../ path components moving outside + * the prefix + */ + filename = g_file_get_path (file); + info = g_file_query_info (file, G_FILE_ATTRIBUTE_UNIX_MODE "," G_FILE_ATTRIBUTE_STANDARD_TYPE "," G_FILE_ATTRIBUTE_STANDARD_SIZE,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor