You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2022/01/10 08:21:00 UTC

[jira] [Resolved] (KARAF-7326) Fix potential partial path traversal

     [ https://issues.apache.org/jira/browse/KARAF-7326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved KARAF-7326.
-----------------------------------------
    Fix Version/s: 4.4.0
                   4.3.6
                   4.2.15
       Resolution: Fixed

> Fix potential partial path traversal
> ------------------------------------
>
>                 Key: KARAF-7326
>                 URL: https://issues.apache.org/jira/browse/KARAF-7326
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.4.0, 4.3.6, 4.2.15
>
>
> In couple of Karaf code, `getCanonicalPath` transforms the path into a canonical form preventing such attack types as `..` in path segments. If the result of `targetDir.getCanonicalPath()` is not slash terminated it allows for partial path traversal.
> Consider `"/usr/outnot".startsWith("/usr/out")`. The check is bypassed although it is not the `out` directory.
> The terminating slash may be removed in various places. On Linux `println(new File("/var/"))` returns `/var`, but `println(new File("/var", "/"))` - `/var/`, however `println(new File("/var", "/").getCanonicalPath())` - `/var`.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)