Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#73704 - Poor parsing of Content-Disposition:filename
Attached to Project:
Pacman
Opened by Allan McRae (Allan) - Thursday, 10 February 2022, 01:24 GMT
Last edited by Allan McRae (Allan) - Tuesday, 08 March 2022, 00:03 GMT
Details
Content-Disposition:filename=""; will strndup(payload->content_disp_name, -1, ptr) from the header buffer
Content-Disposition:filename=";moredata fptr and endptr will both point to the " and result in -1
This just seems to be an information leakage and should be trivially patched.
Closed by Allan McRae (Allan)
Tuesday, 08 March 2022, 00:03 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 40583ebe892018587ef354993dee15cff9c808d6
Comment by Allan McRae (Allan) -
Sunday, 06 March 2022, 11:51 GMT
https://lists.archlinux.org/pipermail/pacman-dev/2022-March/025542.html
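The lone-quote case from the report, as an added C example (not pacman's code and not taken from the fixing commit): `naive_filename_len` is an assumed reconstruction of the length arithmetic in which a single quote satisfies both ends of the quote check, and `safe_filename` is a hypothetical bounded parser that rejects unbalanced quotes and empty names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed reconstruction (not pacman's code): strip quotes when the first and
 * last byte of the value are both '"', then return the length that would be
 * passed to strndup(). */
long naive_filename_len(const char *hdr)
{
	const char *fptr = strstr(hdr, "filename=");
	if(!fptr) return 0;
	fptr += strlen("filename=");
	const char *endptr = fptr + strcspn(fptr, ";\r\n") - 1;
	if(*fptr == '"' && *endptr == '"') { /* a lone quote is both "ends" */
		fptr++;
		endptr--;
	}
	return (long)(endptr - fptr + 1); /* -1 here is SIZE_MAX once cast to size_t */
}

/* Hypothetical hardened parser: bounded by an explicit header length instead of
 * relying on NUL termination, quotes stripped only when two distinct quote
 * bytes exist, empty names rejected. Returns a malloc'd string or NULL. */
char *safe_filename(const char *hdr, size_t hdrlen)
{
	static const char key[] = "filename=";
	const size_t klen = sizeof(key) - 1;
	size_t i, start, end;

	for(i = 0; i + klen <= hdrlen && memcmp(hdr + i, key, klen) != 0; i++) {}
	if(i + klen > hdrlen) return NULL; /* key not present */
	start = end = i + klen;
	while(end < hdrlen && hdr[end] != ';' && hdr[end] != '\r' && hdr[end] != '\n') end++;
	if(end > start && hdr[start] == '"') {
		if(end - start < 2 || hdr[end - 1] != '"') return NULL; /* unbalanced quote */
		start++;
		end--;
	}
	if(end == start) return NULL; /* empty name: nothing to copy */
	char *out = malloc(end - start + 1);
	if(!out) return NULL;
	memcpy(out, hdr + start, end - start);
	out[end - start] = '\0';
	return out;
}
```

With a negative length converted to `size_t`, `strndup` copies until the next NUL byte, which is where bytes beyond the header value can end up in the file name.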