Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
base repository: PierreLvx/qpress
base: 20170415
Choose a base ref
head repository: PierreLvx/qpress
compare: 20220819
Choose a head ref
  • 12 commits
  • 9 files changed
  • 6 contributors

Commits on Mar 22, 2020

  1. Patch for Ubuntu Bionic (#4)

    * Add explicit braces to avoid GCC error.
    
    * Update readme.
    PierreLvx committed Mar 22, 2020

Commits on Dec 23, 2020

Commits on Jul 14, 2021

Commits on Oct 30, 2021

  1. Fix compiler error.

    PierreLvx committed Oct 30, 2021

Commits on Jun 23, 2022

  1. Remove unused headers. (#5)

    * Remove unused headers according to clion warnings.
    
    * Fix false positive from clion RE header (breaks build on Ubuntu).
    PierreLvx committed Jun 23, 2022

Commits on Aug 19, 2022

  1. Fix qpress directory traversal vulnerability (#6)

    A bad actor user can prepare the payload as:
    
    ```
    mkdir -p AAAAAAAAA/secure_file_priv_dir
    touch AAAAAAAAA/secure_file_priv_dir/evil.so
    qpress -r AAAAAAAAA payload.qp
    Then edit the payload.qp in a hex editor or sed to replace AAAAAAAAA with ../../../
    (example: sed -i 's/AAAAAAAAA/..\/..\/..\//' payload.qp)
    ```
    
    Fix bug by checking the directory and reject the command if find the attempt to traversal
    
    Test: see example above and try to reproduce it. Before fix you can observe
    traversal. After fix - the error message(File path contains directory traversal
    which is not allowed.) shown, no traversal observe.
    
    All new code of the whole pull request, including one or several files
    that are either new files or modified ones, are contributed under the BSD-new
    license.  I am contributing on behalf of my employer Amazon Web Services,
    Inc.
    
    Co-authored-by: Mikhail Chalov <mcchalov@amazon.com>
    Chaloff and Chaloff committed Aug 19, 2022
  2. Update readme.

    PierreLvx committed Aug 19, 2022