summaryrefslogtreecommitdiff
path: root/source/xap/rdesktop/rdesktop.CVE-2011-1595.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/xap/rdesktop/rdesktop.CVE-2011-1595.diff')
-rw-r--r--source/xap/rdesktop/rdesktop.CVE-2011-1595.diff22
1 files changed, 0 insertions, 22 deletions
diff --git a/source/xap/rdesktop/rdesktop.CVE-2011-1595.diff b/source/xap/rdesktop/rdesktop.CVE-2011-1595.diff
deleted file mode 100644
index 0db8c3bc..00000000
--- a/source/xap/rdesktop/rdesktop.CVE-2011-1595.diff
+++ /dev/null
@@ -1,22 +0,0 @@
---- ./disk.c.orig 2008-02-15 18:13:25.000000000 -0600
-+++ ./disk.c 2011-04-20 20:27:55.978000772 -0500
-@@ -356,6 +356,19 @@
- filename[strlen(filename) - 1] = 0;
- sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
-
-+ /* Protect against mailicous servers:
-+ somelongpath/.. not allowed
-+ somelongpath/../b not allowed
-+ somelongpath/..b in principle ok, but currently not allowed
-+ somelongpath/b.. ok
-+ somelongpath/b..b ok
-+ somelongpath/b../c ok
-+ */
-+ if (strstr(path, "/.."))
-+ {
-+ return RD_STATUS_ACCESS_DENIED;
-+ }
-+
- switch (create_disposition)
- {
- case CREATE_ALWAYS:
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-02 15:39:31 +0000