Home GnuPG
Diffusion GnuPG 8a63a8c8257e

wkd: Fix path traversal attack on gpg-wks-server.

Description

wkd: Fix path traversal attack on gpg-wks-server.

* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.

Details

Provenance
wernerAuthored on Jul 25 2022, 9:46 AM
Parents
rG2791169aa9dd: build: Update gpg-error.m4.
Branches
Unknown
Tags
Unknown