-rw-r--r-- | pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch | 23 | ||||
-rw-r--r-- | pkgs/servers/search/qdrant/default.nix | 1 |
2 files changed, 24 insertions, 0 deletions
diff --git a/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch
new file mode 100644
index 0000000000000..4ae822e305022
--- /dev/null
+++ b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch
@@ -0,0 +1,23 @@
+Based on upstream 3ab8ec7d14178bb2ac39a4bcc972f2258254196e with unnecessary
+conflicting hunk dropped
+
+diff --git a/src/actix/api/snapshot_api.rs b/src/actix/api/snapshot_api.rs
+index b8b40c6b..0fbed314 100644
+--- a/src/actix/api/snapshot_api.rs
++++ b/src/actix/api/snapshot_api.rs
+@@ -75,6 +75,15 @@ pub async fn do_save_uploaded_snapshot(
+ ) -> std::result::Result<Url, StorageError> {
+ let filename = snapshot
+ .file_name
++ // Sanitize the file name:
++ // - only take the top level path (no directories such as ../)
++ // - require the file name to be valid UTF-8
++ .and_then(|x| {
++ Path::new(&x)
++ .file_name()
++ .map(|filename| filename.to_owned())
++ })
++ .and_then(|x| x.to_str().map(|x| x.to_owned()))
+ .unwrap_or_else(|| Uuid::new_v4().to_string());
+ let collection_snapshot_path = toc.snapshots_path_for_collection(collection_name);
+ if !collection_snapshot_path.exists() {
diff --git a/pkgs/servers/search/qdrant/default.nix b/pkgs/servers/search/qdrant/default.nix
index 3dd3b6227b684..bc628df4043b8 100644
--- a/pkgs/servers/search/qdrant/default.nix
+++ b/pkgs/servers/search/qdrant/default.nix
@@ -23,6 +23,7 @@ rustPlatform.buildRustPackage rec {
 patches = [
 ./1.6.1-CVE-2024-3078.patch
+ ./1.6.1-CVE-2024-2221.patch
 ];
 cargoLock = {
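Review bot: The name produced by the added `.and_then` chain in `do_save_uploaded_snapshot` is still chosen by the client, so directory components are stripped but two uploads with the same base name resolve to the same file under `collection_snapshot_path`. Whether an existing snapshot can be overwritten depends on code after the hunk, which is not visible here. The comment could also state the fallback explicitly, e.g. `// file_name() is None for "", "." and a trailing "..", so those get the UUID name`. The chain uses `Path` while the patch adds no `use` line, so the 1.6.1 file presumably already imports `std::path::Path`; confirm this, since a hunk was dropped from the upstream commit. The function body starts and ends outside the hunk.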