widelands-dev team mailing list archive

Thread
Date

[Bug 724344] Re: Security issue in sending files in network game

To: widelands-dev@xxxxxxxxxxxxxxxxxxx
From: Nasenbaer <724344@xxxxxxxxxxxxxxxxxx>
Date: Sat, 05 Mar 2011 16:02:53 -0000
Reply-to: Bug 724344 <724344@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Okay, I wrote a news entry, but did not make it public until now, as I would like to first release a security update for Build15
I already updated the build15 branch.

Holger, would you care about the uploads, or could you give one of us
the right to release new files? :)

-- 
You received this bug notification because you are a member of Widelands
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/724344

Title:
  Security issue in sending files in network game

Status in Widelands:
  Fix Committed

Bug description:
  Network games have capability to send savegames and maps over network.
  Receiving player first checks if the file exists, and if it exists,
  existing file is renamed before new file is received. Handling of the
  received file is not secure as FileSystem classes support using ".."
  in path to go out of filesystem root. For example sending a file name
  like "../.bashrc" allows some nasty things to happen.

  To fix this issue either FileSystem code should enforce that file
  accesses stay within created file system's root. Alternatively paths
  coming from network should be validated and  "..",  "~" and "/"
  accesses should be filtered out. Perhaps it's wise to implement both.