[XS] Change in pysim[master]: osmo-smdpp.py: fix path Traversal Bypass in SM-DP+ (CWE-22)
16 Apr
2026
16 Apr
'26
11:13 a.m.
Attention is currently required from: Hoernchen.
dexter has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42625?usp=email )
Change subject: osmo-smdpp.py: fix path Traversal Bypass in SM-DP+ (CWE-22) ......................................................................
Patch Set 1:
(1 comment)
File osmo-smdpp.py:
https://gerrit.osmocom.org/c/pysim/+/42625/comment/a195ec08_6e9030a0?usp=ema... : PS1, Line 644: if not pathlib.Path(path).resolve().is_relative_to(self.upp_dir): I got the hint that resolving self.upp_dir as well might make sense in case we ever might end up using symlinks in the upp_dir.
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42625?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: comment
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I7a42b40aa2bbcd5f0ec99f172503354c6eaa9828
Gerrit-Change-Number: 42625
Gerrit-PatchSet: 1
Gerrit-Owner: dexter pmaier@sysmocom.de
Gerrit-Reviewer: Hoernchen ewild@sysmocom.de
Gerrit-CC: Jenkins Builder
Gerrit-Attention: Hoernchen ewild@sysmocom.de
Gerrit-Comment-Date: Thu, 16 Apr 2026 09:13:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
6
Age (days ago)
6
Last active (days ago)
0 comments
1 participants
participants (1)
-
dexter