Diffstat (limited to 'pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch')
-rw-r--r--pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch
new file mode 100644
index 0000000000000..4ae822e305022
--- /dev/null
+++ b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch
@@ -0,0 +1,23 @@
+Based on upstream 3ab8ec7d14178bb2ac39a4bcc972f2258254196e with unnecessary
+conflicting hunk dropped
+
+diff --git a/src/actix/api/snapshot_api.rs b/src/actix/api/snapshot_api.rs
+index b8b40c6b..0fbed314 100644
+--- a/src/actix/api/snapshot_api.rs
++++ b/src/actix/api/snapshot_api.rs
+@@ -75,6 +75,15 @@ pub async fn do_save_uploaded_snapshot(
+ ) -> std::result::Result<Url, StorageError> {
+     let filename = snapshot
+         .file_name
++        // Sanitize the file name:
++        // - only take the top level path (no directories such as ../)
++        // - require the file name to be valid UTF-8
++        .and_then(|x| {
++            Path::new(&x)
++                .file_name()
++                .map(|filename| filename.to_owned())
++        })
++        .and_then(|x| x.to_str().map(|x| x.to_owned()))
+         .unwrap_or_else(|| Uuid::new_v4().to_string());
+     let collection_snapshot_path = toc.snapshots_path_for_collection(collection_name);
+     if !collection_snapshot_path.exists() {
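Review bot: The header on the first two lines of the patch says a conflicting upstream hunk was dropped as unnecessary, but not which hunk or why, so a maintainer cannot confirm this backport covers everything upstream 3ab8ec7d14178bb2ac39a4bcc972f2258254196e changed for CVE-2024-2221; add a line such as `Dropped hunk: <file and @@ header of the omitted change> — <reason it does not apply to 1.6.1>`. The sanitization itself looks sound against traversal: `Path::file_name()` returns `None` for an empty path or one whose last component is `..`, so such inputs fall through to the generated UUID name instead of being used, and it would be worth saying so in the comment, since `only take the top level path` does not state what happens to those names. The sanitized name is then joined with `collection_snapshot_path` on the following line; whether a name that collides with an existing snapshot can overwrite it is not addressed in this hunk, though it may be handled further down in `do_save_uploaded_snapshot`, whose body continues past the end of the hunk.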