From ac02f2426054a66eec23bbee8584fe2043934d78 Mon Sep 17 00:00:00 2001
From: Kalev Lember <kalev@smartlink.ee>
Date: May 30 2011 06:29:07 +0000
Subject: Prevent remote file access (CVE-2011-1595)


Patch taken from:
https://bugzilla.redhat.com/attachment.cgi?id=492845

---

diff --git a/rdesktop-CVE-2011-1595.patch b/rdesktop-CVE-2011-1595.patch
new file mode 100644
index 0000000..b83d68c
--- /dev/null
+++ b/rdesktop-CVE-2011-1595.patch
@@ -0,0 +1,24 @@
+Index: disk.c
+===================================================================
+--- disk.c	(revision 1620)
++++ disk.c	(arbetskopia)
+@@ -356,6 +356,19 @@
+ 		filename[strlen(filename) - 1] = 0;
+ 	sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
+ 
++	/* Protect against mailicous servers:
++	   somelongpath/..     not allowed
++	   somelongpath/../b   not allowed
++	   somelongpath/..b    in principle ok, but currently not allowed
++	   somelongpath/b..    ok
++	   somelongpath/b..b   ok
++	   somelongpath/b../c  ok
++	 */
++	if (strstr(path, "/.."))
++	{
++		return RD_STATUS_ACCESS_DENIED;
++	}
++
+ 	switch (create_disposition)
+ 	{
+ 		case CREATE_ALWAYS:
diff --git a/rdesktop.spec b/rdesktop.spec
index cc25caa..3cf587b 100644
--- a/rdesktop.spec
+++ b/rdesktop.spec
@@ -1,6 +1,6 @@
 Name:           rdesktop
 Version:        1.6.0
-Release:        11%{?dist}
+Release:        12%{?dist}
 Summary:        X client for remote desktop into Windows Terminal Server
 
 Group:          User Interface/Desktops
@@ -9,6 +9,7 @@ URL:            http://www.rdesktop.org/
 Source0:        http://downloads.sourceforge.net/rdesktop/%{name}-%{version}.tar.gz
 Patch0:         %{name}-pcsc.patch
 Patch1:         %{name}-libao.patch
+Patch2:         %{name}-CVE-2011-1595.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libao-devel
 BuildRequires:  libX11-devel
@@ -25,6 +26,7 @@ desktop. Unlike Citrix ICA, no server extensions are required.
 %setup -q
 %patch0 -p1 -b .pcsc
 %patch1 -p1 -b .ao
+%patch2 -p0 -b .CVE-2011-1595
 
 %build
 %configure --with-ipv6 --enable-smartcard --with-sound=libao
@@ -45,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/*
 
 %changelog
+* Mon May 30 2011 Kalev Lember <kalev@smartlink.ee> - 1.6.0-12
+- Prevent remote file access (CVE-2011-1595)
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.0-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild