wkd: Fix path traversal attack on gpg-wks-server.
c1489ca0e101
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Edit Tasks
Mute Notifications
Award Token

Description

wkd: Fix path traversal attack on gpg-wks-server.

* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.

Details

Provenance

• werner

Authored on Jul 25 2022, 9:46 AM

Parents

rG8c9f879d4aa0: scd:openpgp: Fix workaround for Yubikey heuristics.

Branches

Unknown

Tags

Unknown

Event Timeline

• werner committed rGc1489ca0e101: wkd: Fix path traversal attack on gpg-wks-server. (authored by • werner).Jul 25 2022, 2:50 PM

• werner mentioned this in T6105: Release GnuPG 2.2.37.Aug 24 2022, 5:22 PM

Changes (2)

Path

Size

tools/

gpg-wks-server.c

wks-util.c

rGc1489ca0e101

View Options

tools/gpg-wks-server.c

View Options

wkd: Fix path traversal attack on gpg-wks-server.c1489ca0e101Actions

Description

Details

Event Timeline

Changes (2)

rGc1489ca0e101

tools/gpg-wks-server.c

tools/wks-util.c

wkd: Fix path traversal attack on gpg-wks-server.
c1489ca0e101
Actions