authorKyle Ambroff <ambroff@lindenlab.com>2008-10-07 20:50:30 +0000
committerKyle Ambroff <ambroff@lindenlab.com>2008-10-07 20:50:30 +0000
commit095aca3eaea4cbc2237d2b3ad3d63fdad54eb2b7 (patch)
treef003fd9ce7bc682e3114150cf17e273ceca589bd /indra/newview
parentb069bb9e71d31495f3f1312529d19fdb83c1779e (diff)
svn merge -r98039:98711 svn+ssh://svn.lindenlab.com/svn/linden/branches/Branch_1-24-Server --> release
Merging various security fixes from Branch_1-24-Server. Related to RequestXfer exploit: * DEV-21706 (SEC-188): llParticleSystem can be used to obtain asset id. * DEV-21767: Migrate RequestXfer to TCP-only * DEV-21765: Fix RequestXfer traversal exploit * DEV-21775: LLXferManager::processFileRequest() still has file vulnerabilities Various fixes: * fix for VFS memory corruption in llvfs. * Bump server version to 1.24.9. Landstore fixes: * Passing locale to fulfill-order-item from region reservation fulfillment.
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/llfloaterregioninfo.cpp2
-rw-r--r--indra/newview/llviewermessage.cpp5
2 files changed, 7 insertions, 0 deletions
diff --git a/indra/newview/llfloaterregioninfo.cpp b/indra/newview/llfloaterregioninfo.cpp
index f6dab5391a..e5193b8314 100644
--- a/indra/newview/llfloaterregioninfo.cpp
+++ b/indra/newview/llfloaterregioninfo.cpp
@@ -1306,6 +1306,7 @@ void LLPanelRegionTerrainInfo::onClickDownloadRaw(void* data)
return;
}
std::string filepath = picker.getFirstFile();
+ gXferManager->expectFileForRequest(filepath);
LLPanelRegionTerrainInfo* self = (LLPanelRegionTerrainInfo*)data;
strings_t strings;
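Review bot: The `gXferManager->expectFileForRequest(filepath);` call registers the picked path before the download request is sent, and nothing visible in this hunk withdraws that registration if the rest of onClickDownloadRaw returns early or the simulator never replies. Whether an entry is consumed on first match or expires is decided inside LLXferManager, which this page does not show, so confirm that a picked path cannot stay authorised indefinitely. The same question applies to `gXferManager->expectFileForTransfer(filepath);` in onClickUploadRaw in the next hunk. Both calls would read better with a short why-comment, for example `// Authorise only this user-picked path; process_initiate_download() rejects names that were not registered (assuming validateFileForRequest() checks these entries).` Both functions begin above and continue below their hunks.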
@@ -1325,6 +1326,7 @@ void LLPanelRegionTerrainInfo::onClickUploadRaw(void* data)
return;
}
std::string filepath = picker.getFirstFile();
+ gXferManager->expectFileForTransfer(filepath);
LLPanelRegionTerrainInfo* self = (LLPanelRegionTerrainInfo*)data;
strings_t strings;
diff --git a/indra/newview/llviewermessage.cpp b/indra/newview/llviewermessage.cpp
index b6c524065c..72bc991a24 100644
--- a/indra/newview/llviewermessage.cpp
+++ b/indra/newview/llviewermessage.cpp
@@ -5157,6 +5157,11 @@ void process_initiate_download(LLMessageSystem* msg, void**)
msg->getString("FileData", "SimFilename", sim_filename);
msg->getString("FileData", "ViewerFilename", viewer_filename);
+ if (!gXferManager->validateFileForRequest(viewer_filename))
+ {
+ llwarns << "SECURITY: Unauthorized download to local file " << viewer_filename << llendl;
+ return;
+ }
gXferManager->requestFile(viewer_filename,
sim_filename,
LL_PATH_NONE,
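Review bot: The rejection branch streams `viewer_filename` into `llwarns` unmodified, and that string is read straight from the incoming message two lines earlier, so the sender controls what is written to the viewer log, including newlines, control characters and length. Strip or escape non-printable characters and cap the length before logging, so a forged entry cannot be made to look like a separate log line during later triage. It is also worth a comment above the check, such as `// viewer_filename is sender-supplied: accept it only if the user picked this exact path`. How the stored and received paths are compared (exact string versus normalised path) is not visible here and should be confirmed. process_initiate_download starts above the hunk and the requestFile call runs past its last line.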