https://bugs.kde.org/show_bug.cgi?id=453248
Bug ID: 453248
Summary: Path traversal bug when saving gradients
Product: krita
Version: 5.0.5
Platform: Neon Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: Resource Management
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 148484
--> https://bugs.kde.org/attachment.cgi?id=148484&action=edit
Screen capture
SUMMARY
There's a path traversal bug when saving gradients in Krita. Krita doesn't
sanitize the name field used for the file names of gradients, dropping files
outside of the "$XDG_DATA_HOME/krita/gradients" directory.
Similar to Bug 429925.
I haven't tested it thoroughly but I have a feeling this bug may also be
present with other resource types. (palettes, brushes, etc.)
STEPS TO REPRODUCE
1. Create or open a new document
2. Gradients toolbar button -> Add...
3. Enter "../../../../test/abcd" as the name field
4. Click OK
OBSERVED RESULT
See attachment.
EXPECTED RESULT
Sanitize the name field before using it as a file name.
SOFTWARE/OS VERSIONS
Operating System: KDE neon 5.24
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.93.0
Qt Version: 5.15.3
Graphics Platform: X11
--
You are receiving this mail because:
You are watching all bug changes.
