wkd: Fix path traversal attack on gpg-wks-server.
8a63a8c8257e
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Edit Tasks
Mute Notifications
Award Token

Description

wkd: Fix path traversal attack on gpg-wks-server.

* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.

Details

Provenance

• werner

Authored on Jul 25 2022, 9:46 AM

Parents

rG2791169aa9dd: build: Update gpg-error.m4.

Branches

Unknown

Tags

Unknown

Event Timeline

• werner committed rG8a63a8c8257e: wkd: Fix path traversal attack on gpg-wks-server. (authored by • werner).Jul 25 2022, 10:21 AM

• werner mentioned this in T6106: Release GnuPG 2.3.8.Oct 14 2022, 6:02 PM

Changes (2)

Path

Size

tools/

gpg-wks-server.c

wks-util.c

rG8a63a8c8257e

View Options

tools/gpg-wks-server.c

View Options

wkd: Fix path traversal attack on gpg-wks-server.8a63a8c8257eActions

Description

Details

Event Timeline

Changes (2)

rG8a63a8c8257e

tools/gpg-wks-server.c

tools/wks-util.c

wkd: Fix path traversal attack on gpg-wks-server.
8a63a8c8257e
Actions