Bug 1924

Summary: XPM security fixes break writing XPM files with absolute path names
Product: xorg
Component: Lib/Xpm
Reporter: Nils Philippsen <nils>
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
Severity: normal
Priority: high
CC: dberkholz, eich, mharris, roland.mainz, sndirsch, thomas
Version: unspecified
Hardware: x86 (IA32)
OS: Linux (All)
URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815
Bug Blocks: 1920

Attachments:
- Patch to remove extraneous test (flags: none)
- xpm-sec9.diff (flags: none)

Description Nils Philippsen 2004-11-26 01:31:17 UTC
This bug is https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815 originally.

The new sanity checks prevent using file names that start with a "/", which, along
with other checks, wouldn't let you use libXpm to write files that aren't in or
beneath the process's current working directory. Not exactly what you want if
you use it e.g. from the GIMP's xpm load/save plugin.

Altogether, these checks seem to me to have the intention of working around
missing similar checks in calling applications (just a rough guess) but in this
instance I think it's obvious that the fixes have to be done in the applications
themselves to avoid regressions.
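The description argues that restricting where an XPM file may be written is the calling application's job, not the library's. The following is an added example of such an application-side check, not code from libXpm or from either attached patch; it assumes the application itself decides the allowed directory (e.g. the folder the user picked in a save dialog) and resolves the target's directory with realpath() so that ".." and symlinks cannot escape it, while absolute paths inside that directory remain usable.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if `path` (the file the application is about to write) lies inside
 * `allowed_dir`, 0 otherwise or on error. Only the directory part of `path`
 * is resolved with realpath(), because the file itself may not exist yet;
 * that directory, however, must exist. Absolute paths are fine as long as
 * they resolve below `allowed_dir`. */
static int path_is_under(const char *allowed_dir, const char *path)
{
    char base[PATH_MAX], dir[PATH_MAX], dcopy[PATH_MAX], bcopy[PATH_MAX];

    if (realpath(allowed_dir, base) == NULL)
        return 0;
    if (strlen(path) >= sizeof dcopy)
        return 0;
    /* dirname()/basename() may modify their argument: work on copies */
    strcpy(dcopy, path);
    strcpy(bcopy, path);

    /* refuse a target whose last component is not a real file name */
    const char *leaf = basename(bcopy);
    if (leaf[0] == '\0' || strcmp(leaf, ".") == 0 || strcmp(leaf, "..") == 0)
        return 0;

    if (realpath(dirname(dcopy), dir) == NULL) /* resolves "..", symlinks */
        return 0;

    if (strcmp(base, "/") == 0)
        return 1; /* everything is below the root directory */

    size_t n = strlen(base);
    if (strncmp(dir, base, n) != 0)
        return 0;
    /* component boundary: "/tmpfoo" is not below "/tmp" */
    return dir[n] == '\0' || dir[n] == '/';
}

int main(void)
{
    /* constructed sample targets for an application that allows /tmp */
    const char *targets[] = { "/tmp/image.xpm", "/tmp/../etc/evil.xpm", "/etc/passwd" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %s\n", targets[i],
               path_is_under("/tmp", targets[i]) ? "allowed" : "rejected");
    return 0;
}
```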
Comment 1 Matthieu Herrb 2004-11-26 15:10:11 UTC
Created attachment 1407 [details] [review]
Patch to remove extraneous test
Comment 2 Mike A. Harris 2004-11-29 12:24:03 UTC
Please make sure this gets applied to 6.8 stable branch also.
Comment 3 Stefan Dirsch 2004-12-03 03:31:20 UTC
Created attachment 1454 [details] [review]
xpm-sec9.diff

Unfortunately 1407 was not sufficient for me. You need this one as well. :-(
Comment 4 Thomas Biege 2004-12-06 06:01:11 UTC
Hello Nils,
Yes, you are absolutely right. These checks should be part of the application, not
the library.
Comment 5 Matthieu Herrb 2004-12-11 08:30:46 UTC
This is handled by the patch in #1920 committed to the trunk.