File: 04_CVE-2008-0252.diff

package info
python-cherrypy 2.2.1-3etch1
  • area: main
  • in suites: etch
  • size: 804 kB
  • ctags: 1,079
  • sloc: python: 7,869; makefile: 15
file content (12 lines) | stat: -rw-r--r-- 715 bytes
diff -naur python-cherrypy-2.2.1.org/cherrypy/filters/sessionfilter.py python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py
--- python-cherrypy-2.2.1.org/cherrypy/filters/sessionfilter.py	2008-01-18 16:21:27.000000000 +0100
+++ python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py	2008-01-18 16:23:36.000000000 +0100
@@ -326,6 +326,8 @@
             raise SessionStoragePathNotConfiguredError()
         fileName = self.SESSION_PREFIX + id
         file_path = os.path.join(storage_path, fileName)
+        if not os.path.normpath(file_path).startswith(storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
         return file_path
     
     def _lock_file(self, path):
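Review bot: the containment check added in this hunk compares a normalized file_path against an unnormalized storage_path with a bare startswith, which is both too loose and too strict. Too loose because any sibling directory whose name begins with storage_path passes: with storage_path set to /var/lib/sessions, a cookie id of `/../../sessions-old/x` joins to /var/lib/sessions/session-/../../sessions-old/x, normalizes to /var/lib/sessions-old/x, and that string starts with /var/lib/sessions, so the traversal is accepted. Too strict because storage_path is used verbatim while file_path goes through os.path.normpath, so a storage_path written with a ./ prefix or containing a .. component never matches and every request with a session cookie gets the 400. Normalize both sides and require the separator in the prefix, e.g.

    base = os.path.normpath(storage_path)
    if not os.path.normpath(file_path).startswith(base + os.sep):
        raise cherrypy.HTTPError(400, "Invalid session id in cookie.")

and, if symlinks under storage_path are possible, apply os.path.realpath to both sides instead. Since id comes straight from the cookie, rejecting any id that contains os.sep or os.altsep before building the path would also make the intent explicit rather than relying on the prefix test alone.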