widelands-dev team mailing list archive

[Bug 724344] [NEW] Security issue in sending files in network game

 

*** This bug is a security vulnerability ***

You have been subscribed to a private security bug by Jari Hautio (jarih):

Network games have the capability to send savegames and maps over the
network. The receiving player first checks if the file exists, and if it
exists, the existing file is renamed before the new file is received.
Handling of the received file is not secure, as the FileSystem classes
support using ".." in a path to go out of the filesystem root. For example,
sending a file name like "../.bashrc" allows some nasty things to happen.

To fix this issue, the FileSystem code should enforce that file
accesses stay within the created file system's root. Alternatively, paths
coming from the network should be validated and "..", "~" and "/" accesses
should be filtered out. Perhaps it's wise to implement both.

** Affects: widelands
     Importance: Critical
     Assignee: Nasenbaer (nasenbaer)
         Status: Fix Committed

-- 
Security issue in sending files in network game
https://bugs.launchpad.net/bugs/724344
You received this bug notification because you are a member of Widelands Developers, which is a direct subscriber.
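
The two fixes proposed in the report, sketched in C++ as an added example (not Widelands code and not the committed fix): `is_safe_network_path` validates a file name received from a peer, and `resolve_in_root` confines a path to a root directory. All function names and sample paths are hypothetical, and reading the "/" filter as rejecting absolute paths while allowing relative subdirectories is an assumption.

```cpp
// Added example, not Widelands code; all names here are hypothetical.
#include <string>
#include <vector>

// Split on '/' and '\\' so Windows-style separators cannot bypass the checks.
static std::vector<std::string> split_components(const std::string& path) {
    std::vector<std::string> parts(1);
    for (char c : path) {
        if (c == '/' || c == '\\') parts.emplace_back();
        else parts.back() += c;
    }
    return parts;
}

// Check 1: validate a file name received from a network peer.
// Assumption: relative subdirectories such as "maps/x.wmf" are legitimate.
bool is_safe_network_path(const std::string& path) {
    if (path.empty() || path.size() > 255) return false;
    for (unsigned char c : path)
        if (c < 0x20 || c == ':') return false;  // control chars, drive letters
    for (const std::string& part : split_components(path)) {
        // An empty part means a leading '/', a doubled or a trailing separator.
        if (part.empty() || part == "." || part == "..") return false;
        if (part[0] == '~') return false;
    }
    return true;
}

// Check 2: root confinement as a file system layer could enforce it.
// Resolves "." and ".." lexically and fails if the path climbs above root.
// Symlinks inside root are not followed or checked here.
bool resolve_in_root(const std::string& root, const std::string& rel,
                     std::string& out) {
    if (rel.empty() || rel[0] == '/' || rel[0] == '\\') return false;
    std::vector<std::string> stack;
    for (const std::string& part : split_components(rel)) {
        if (part.empty() || part == ".") continue;
        if (part == "..") {
            if (stack.empty()) return false;  // would leave root
            stack.pop_back();
        } else {
            stack.push_back(part);
        }
    }
    if (stack.empty()) return false;  // resolves to root itself, not a file
    out = root;
    for (const std::string& part : stack) out += "/" + part;
    return true;
}
```

Running both checks means a name that slips past the network-side filter is still refused when the file is opened.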