Description: fix directory traversal in Ark
Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635541#32
Bug-Debian: http://bugs.debian.org/635541
Author: Moritz Muehlenhoff <jmm@debian.org>
Reviewed-By: Jonathan Wiltshire <jmw@debian.org>
Last-Update: 2012-03-18

--- kdeutils-4.4.5.orig/ark/part/part.cpp
+++ kdeutils-4.4.5/ark/part/part.cpp
@@ -500,8 +500,15 @@ void Part::slotPreviewExtracted(KJob *jo
     if (!job->error()) {
         const ArchiveEntry& entry =
             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
-        const QString fullName =
-            m_previewDir->name() + '/' + entry[ FileName ].toString();
+
+        QString fullName =
+            m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
+
+        // Make sure a maliciously crafted archive with parent folders named ".." do
+        // not cause the previewed file path to be located outside the temporary
+        // directory, resulting in a directory traversal issue.
+        fullName.remove(QLatin1String("../"));
+
         ArkViewer::view(fullName, widget());
     } else {
         KMessageBox::error(widget(), job->errorString());
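Review bot: `fullName.remove(QLatin1String("../"))` is a blocklist applied in one forward pass over the whole string, so it is not a reliable containment check. Removing a match can join its neighbours into a fresh `../` that is not re-scanned (as far as I know, QString::remove does not restart from the beginning), and the call also rewrites the `m_previewDir->name()` prefix rather than only the entry name. Validating the resolved path is sturdier: compute `const QString base = QDir(m_previewDir->name()).canonicalPath();` and `const QString target = QFileInfo(fullName).canonicalFilePath();`, then call `ArkViewer::view` only `if (!target.isEmpty() && target.startsWith(base + QLatin1Char('/')))`. canonicalFilePath() also resolves symlinks, which the string edit cannot see. slotPreviewExtracted starts and ends outside this hunk and the extraction that wrote the file is not shown, so it is worth confirming that step enforces the same containment.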
