summaryrefslogtreecommitdiffstats
path: root/src/pacman/po/ro.po
diff options
context:
space:
mode:
authorSimon Gomizelj <simongmzlj@gmail.com>2013-05-22 06:43:11 +0200
committerAllan McRae <allan@archlinux.org>2013-06-04 05:45:12 +0200
commitdd62fde53ec00f1b08d312951b919e15050efe86 (patch)
treef0e2376a933734276a74b7445687bfba724aef08 /src/pacman/po/ro.po
parentfe794ccb25d3ab1f7c07331b437b61c30c08a018 (diff)
downloadpacman-dd62fde53ec00f1b08d312951b919e15050efe86.tar.gz
pacman-dd62fde53ec00f1b08d312951b919e15050efe86.tar.xz
validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the repo db. This allows for relative paths to be considered valid. A carefully crafted db entry with a malicious relative path, (e.g. `../../../../etc/passwd`) will cause pacman to to overwrite _any_ file on the target's machine. Add the following validation: - doesn't start with '.' - doesn't contain a '/' - won't overflow PATH_MAX Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'src/pacman/po/ro.po')
0 files changed, 0 insertions, 0 deletions