Ticket Navigation

Ticket #9981 (new defect)

Opened 1 year ago

Last modified 1 year ago

[PATCH] SQL injection vulnerability patch for TracDownloads

Reported by:	aleksihanninen	Assigned to:	Blackhex
Priority:	normal	Component:	DownloadsPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:	0.12

Description

There is a SQL injection vulnerability in the Trac Downloads plugin.

Two patches are provided as attached:

1. tracdownloads_sql_injection_vulnerability.patch

2. tracdownloads_patch_complete.patch

Use the first "sql injection vulnerability" patch to fix the vulnerability. The patch also introduces fix in the download link resolver (link generation for download files in wiki context) by file.

A more complete, but unfortunately largely untested, "complete" patch contains the first "sql injection vulnerability" patch and also introduces other fixes, like:

- Editing just the description of the downloads won't crash. (If editing just the description of the downloads, you shouldn't expect any file to be uploaded) - Since components should not use self.*, add a dict req_data and use that instead. This improves the security of concurrency.

Unfortunately, I haven't been able to test this with Vanilla trac, and I give no guarantees whatsoever. However, the first patch should work without problems.

My environment consists of Apache, Linux, Python 2.6, and Trac 0.12.1.

Attachments

tracdownloads_sql_injection_vulnerability.patch (5.7 kB) - added by aleksihanninen on 04/19/12 15:25:39.
tracdownloads_patch_complete.patch (30.8 kB) - added by aleksihanninen on 04/19/12 15:27:10.

Change History

Add/Change #9981 ([PATCH] SQL injection vulnerability patch for TracDownloads)

Your email or username:

Comment (you may use WikiFormatting here):

Change Properties

Summary:
Type:
Priority:		Component:
Severity:		Keywords:
Cc:		Trac Release:

Action leave as new
accept ticket
resolve as:
reassign to:

Download in other formats: