mirrors/github.com_openSUSE_osc
1
0
Fork 0
mirror of https://github.com/openSUSE/osc.git synced 2025-02-04 10:36:17 +01:00
Code

Merge pull request #797 from lethliel/fix_1122675

Browse Source 
fix security issue (bsc#1122675) no / in filename
This commit is contained in:
Marco Strigl 2020-05-27 11:23:49 +02:00 committed by GitHub
commit fdcd606122
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
osc/fetch.py
View File

@ -179,8 +179,11 @@ class Fetcher:
print('Unsupported file type: ', tmpfile, file=sys.stderr)
sys.exit(1)
canonname = pac_obj.binary
decoded_canonname = decode_it(canonname)
if b'/' in canonname or '/' in decoded_canonname:
raise oscerr.OscIOError(None, 'canonname contains a slash')
fullfilename = os.path.join(destdir, decode_it(canonname))
fullfilename = os.path.join(destdir, decoded_canonname)
if pac_obj is not None:
pac_obj.canonname = canonname
pac_obj.fullfilename = fullfilename