[Python-bugs-list] [ python-Bugs-438083 ] uu module allows hostile paths
noreply@sourceforge.net
noreply@sourceforge.net
Mon, 02 Jul 2001 17:15:46 -0700
Bugs item #438083, was opened at 2001-07-02 17:15
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=438083&group_id=5470
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: uu module allows hostile paths
Initial Comment:
hello,
the uu module does not appear to do any checking
on the file name included in the uuencoded data.
as far as i can see, it allows absolute paths and
will happily overwrite anything.
you can pass file objects to it, but
then the information about the file name is lost.
i've attached a sketchy patch.
-- erno@iki.fi
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=438083&group_id=5470