core: Validate file names read from directory variants

In a future where we pull data from remote servers, we don't want
to allow path uplinks.
Colin Walters 2011-11-16 23:23:30 -05:00
parent 4a26be1bef
commit aa865bbb83
3 changed files with 31 additions and 0 deletions


@ -237,6 +237,9 @@ do_resolve_nonroot (OstreeRepoFile *self,
g_variant_get_child (container, i, "(&s&s&s)",
&name, &content_checksum, &metadata_checksum);
if (!ot_util_validate_file_name (name, error))
goto out;
if (!ostree_repo_load_variant_checked (self->repo, OSTREE_SERIALIZED_TREE_VARIANT,
content_checksum, &tree_contents,
error))
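Review bot: `content_checksum` and `metadata_checksum` are read by the same `g_variant_get_child` call as `name`, but only `name` is validated before `content_checksum` is passed to `ostree_repo_load_variant_checked`. If the repo derives an object path from the checksum string (not visible in this hunk), a checksum containing `/` or `..` in a remotely supplied tree would carry the same traversal risk the commit message describes. Consider rejecting any checksum that is not a fixed-length hex string right after the name check, under a comment such as `/* tree entries are untrusted: validate name and checksums before any lookup */`. The body of do_resolve_nonroot starts and ends outside this hunk, so other readers of the tree variant may need the same check.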


@ -139,6 +139,31 @@ ot_util_filename_has_dotdot (const char *path)
return last == '\0' || last == '/';
}
gboolean
ot_util_validate_file_name (const char *name,
GError **error)
{
if (strcmp (name, ".") == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Invalid self-reference '.' in filename '%s'", name);
return FALSE;
}
if (ot_util_filename_has_dotdot (name))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Invalid path uplink '..' in filename '%s'", name);
return FALSE;
}
if (strchr (name, '/') != NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Invalid / in filename '%s'", name);
return FALSE;
}
return TRUE;
}
GPtrArray *
ot_util_path_split (const char *path)
{
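Review bot: An empty `name` passes all three checks in `ot_util_validate_file_name` and returns TRUE, yet an empty component joined onto a directory path names the directory itself. Add `if (*name == '\0')` as the first test, setting a `G_IO_ERROR_FAILED` error like the other branches. Because `/` is rejected anyway, testing for it first and then comparing `strcmp (name, "..") == 0` would make the uplink check exact for a single component. Only the last line of `ot_util_filename_has_dotdot` is visible here, so whether it also rejects harmless names such as `foo..` cannot be confirmed from this hunk.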


@ -45,6 +45,9 @@ void ot_util_fatal_gerror (GError *error) G_GNUC_NORETURN;
gboolean ot_util_filename_has_dotdot (const char *path);
gboolean ot_util_validate_file_name (const char *name,
GError **error);
GPtrArray *ot_util_sort_filenames_by_component_length (GPtrArray *files);
GPtrArray* ot_util_path_split (const char *path);
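Review bot: The new prototype `ot_util_validate_file_name` has no comment stating its contract, and callers need to know it validates one path component rather than a full path. Suggest adding above it `/* Validate a single directory-entry name from untrusted data: rejects ".", a ".." uplink and any '/'. Returns FALSE with @error set. */`. Stating that `name` must be non-NULL would also help, since the implementation passes it straight to `strcmp`.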