mirror of
https://github.com/pyenv/pyenv.git
synced 2024-11-21 20:47:00 -05:00
CVE-2022-35861: Fixed relative path traversal due to using version string in path (#2412)
This commit is contained in:
parent
0eba0a5bd5
commit
22fa683571
2 changed files with 22 additions and 3 deletions
|
@ -11,7 +11,14 @@ if [ -s "$VERSION_FILE" ]; then
|
|||
IFS="${IFS}"$'\r'
|
||||
sep=
|
||||
while read -n 1024 -r version _ || [[ $version ]]; do
|
||||
[[ -z $version || $version == \#* ]] && continue
|
||||
if [[ -z $version || $version == \#* ]]; then
|
||||
# Skip empty lines and comments
|
||||
continue
|
||||
elif [ "$version" = ".." ] || [[ $version == */* ]]; then
|
||||
# The version string is used to construct a path and we skip dubious values.
|
||||
# This prevents issues such as path traversal (CVE-2022-35861).
|
||||
continue
|
||||
fi
|
||||
printf "%s%s" "$sep" "$version"
|
||||
sep=:
|
||||
done <"$VERSION_FILE"
|
||||
|
|
|
@ -82,3 +82,15 @@ IN
|
|||
run pyenv-version-file-read my-version
|
||||
assert_success "3.9.3:3.8.9:2.7.16"
|
||||
}
|
||||
|
||||
@test "skips relative path traversal" {
|
||||
cat > my-version <<IN
|
||||
3.9.3
|
||||
3.8.9
|
||||
..
|
||||
./*
|
||||
2.7.16
|
||||
IN
|
||||
run pyenv-version-file-read my-version
|
||||
assert_success "3.9.3:3.8.9:2.7.16"
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue