[XS] Change in pysim[master]: osmo-smdpp.py: fix path Traversal Bypass in SM-DP+ (CWE-22) - gerrit-log

16 Apr 2026


      Attention is currently required from: Hoernchen, dexter.
osmith has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42625?usp=email )
Change subject: osmo-smdpp.py: fix path Traversal Bypass in SM-DP+ (CWE-22)
......................................................................
Patch Set 1: Code-Review-1
(1 comment)
File osmo-smdpp.py:
https://gerrit.osmocom.org/c/pysim/+/42625/comment/6a2b3611_64585aa9?usp=ema... :
PS1, Line 643:                 if os.path.commonprefix((os.path.realpath(path),self.upp_dir)) != self.upp_dir:
The commit message doesn't make sense, given that there is `os.path.realpath(path)` already I don't see how this could be exploited...
```
...
...
...
upp_dir = "/tmp/"
path = "/tmp/../etc/passwd"
os.path.commonprefix((os.path.realpath(path), upp_dir))
'/'
...
...
...
os.path.commonprefix((os.path.realpath(path), upp_dir)) == upp_dir
False
```
-- 
To view, visit https://gerrit.osmocom.org/c/pysim/+/42625?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: comment
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I7a42b40aa2bbcd5f0ec99f172503354c6eaa9828
Gerrit-Change-Number: 42625
Gerrit-PatchSet: 1
Gerrit-Owner: dexter pmaier@sysmocom.de
Gerrit-Reviewer: Hoernchen ewild@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-Attention: Hoernchen ewild@sysmocom.de
Gerrit-Attention: dexter pmaier@sysmocom.de
Gerrit-Comment-Date: Thu, 16 Apr 2026 10:07:37 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes