Bug 1924 - XPM security fixes break writing XPM files with absolute path names
Summary: XPM security fixes break writing XPM files with absolute path names
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xpm (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Xorg Project Team
QA Contact:
URL: https://bugzilla.redhat.com/bugzilla/...
Depends on:
Blocks: 1920
  Show dependency treegraph
Reported: 2004-11-26 01:31 UTC by Nils Philippsen
Modified: 2004-12-10 13:30 UTC (History)
6 users (show)

See Also:
i915 platform:
i915 features:

Patch to remove extraneous test (593 bytes, patch)
2004-11-26 15:10 UTC, Matthieu Herrb
no flags Details | Splinter Review
xpm-sec9.diff (403 bytes, patch)
2004-12-03 03:31 UTC, Stefan Dirsch
no flags Details | Splinter Review

Description Nils Philippsen 2004-11-26 01:31:17 UTC
This bug is https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815 originally.

The new sanity checks prevent using file names that start with a "/" which along
with other checks wouldn't let you use libXpm to write files that aren't in or
beneath the process's current working directory. Not exactly what you want if
you use it e.g. from the GIMP's xpm load/save plugin.

Altogether, these checks seem to me to have the intention of working around
missing similar checks in calling applications (just a rough guess) but in this
instance I think it's obvious that the fixes have to be done in the applications
themselves to avoid regressions.
Comment 1 Matthieu Herrb 2004-11-26 15:10:11 UTC
Created attachment 1407 [details] [review]
Patch to remove extraneous test
Comment 2 Mike A. Harris 2004-11-29 12:24:03 UTC
Please make sure this gets applied to 6.8 stable branch also.
Comment 3 Stefan Dirsch 2004-12-03 03:31:20 UTC
Created attachment 1454 [details] [review]

Unfortunately 1407 was not sufficient for me. You need this one as well. :-(
Comment 4 Thomas Biege 2004-12-06 06:01:11 UTC
Hello Nils,
yes you are absolutely right. These checks should be part of the application not
the library. 
Comment 5 Matthieu Herrb 2004-12-11 08:30:46 UTC
This is handled by the patch in #1920 commited to the trunk.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.