Bug 1924 - XPM security fixes break writing XPM files with absolute path names
Summary: XPM security fixes break writing XPM files with absolute path names
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xpm (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Xorg Project Team
QA Contact:
URL: https://bugzilla.redhat.com/bugzilla/...
Whiteboard:
Keywords:
Depends on:
Blocks: 1920
  Show dependency treegraph
 
Reported: 2004-11-26 01:31 UTC by Nils Philippsen
Modified: 2004-12-10 13:30 UTC (History)
6 users (show)

See Also:
i915 platform:
i915 features:

Attachments
Patch to remove extraneous test (593 bytes, patch)
2004-11-26 15:10 UTC, Matthieu Herrb 		no flags Details | Splinter Review
xpm-sec9.diff (403 bytes, patch)
2004-12-03 03:31 UTC, Stefan Dirsch 		no flags Details | Splinter Review
View All

Description Nils Philippsen 2004-11-26 01:31:17 UTC 
This bug is https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815 originally.

The new sanity checks prevent using file names that start with a "/" which along
with other checks wouldn't let you use libXpm to write files that aren't in or
beneath the process's current working directory. Not exactly what you want if
you use it e.g. from the GIMP's xpm load/save plugin.

Altogether, these checks seem to me to have the intention of working around
missing similar checks in calling applications (just a rough guess) but in this
instance I think it's obvious that the fixes have to be done in the applications
themselves to avoid regressions.
Comment 1 Matthieu Herrb 2004-11-26 15:10:11 UTC 
Created attachment 1407 [details] [review]
Patch to remove extraneous test
Comment 2 Mike A. Harris 2004-11-29 12:24:03 UTC 
Please make sure this gets applied to 6.8 stable branch also.
Comment 3 Stefan Dirsch 2004-12-03 03:31:20 UTC 
Created attachment 1454 [details] [review]
xpm-sec9.diff

Unfortunately 1407 was not sufficient for me. You need this one as well. :-(
Comment 4 Thomas Biege 2004-12-06 06:01:11 UTC 
Hello Nils,
yes you are absolutely right. These checks should be part of the application not
the library.
Comment 5 Matthieu Herrb 2004-12-11 08:30:46 UTC 
This is handled by the patch in #1920 commited to the trunk.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.