Bug 1252216 - Push extension configuration is vulnerable to CSRF and potentially code execution

author: David Lawrence <dkl@mozilla.com> 2016-03-01 14:13:53 +0100
committer: Dylan Hardison <dylan@mozilla.com> 2016-03-01 14:21:23 +0100
commit: e5b9aa6ef469adb5db2ff4b7575342bd79fd450a (patch)
tree: dde9651c912b6d3f55ff99904f79d9673f624e81 /extensions/Push/lib/Connector
parent: 4d956493207d37a7d9a24d398d86a8cf1ce86c2d (diff)
download: bugzilla-e5b9aa6ef469adb5db2ff4b7575342bd79fd450a.tar.gz
bugzilla-e5b9aa6ef469adb5db2ff4b7575342bd79fd450a.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/Push/lib/Connector/File.pm b/extensions/Push/lib/Connector/File.pm
index 2a8f4193d..563a78567 100644
--- a/extensions/Push/lib/Connector/File.pm
+++ b/extensions/Push/lib/Connector/File.pm
@@ -34,6 +34,8 @@ sub options {
                 my $filename = shift;
                 $filename =~ m#^/#
                     && die "Absolute paths are not permitted\n";
+                $filename =~ m#\.\.#
+                    && die "Relative paths are not permitted\n";
             },
         },
     );
author	David Lawrence <dkl@mozilla.com>	2016-03-01 14:13:53 +0100
committer	Dylan Hardison <dylan@mozilla.com>	2016-03-01 14:21:23 +0100
commit	e5b9aa6ef469adb5db2ff4b7575342bd79fd450a (patch)
tree	dde9651c912b6d3f55ff99904f79d9673f624e81 /extensions/Push/lib/Connector
parent	4d956493207d37a7d9a24d398d86a8cf1ce86c2d (diff)
download	bugzilla-e5b9aa6ef469adb5db2ff4b7575342bd79fd450a.tar.gz bugzilla-e5b9aa6ef469adb5db2ff4b7575342bd79fd450a.tar.xz