author | Nils Durner <durner@gnunet.org> | 2005-12-20 20:21:32 +0000 |
---|---|---|
committer | Nils Durner <durner@gnunet.org> | 2005-12-20 20:21:32 +0000 |
commit | a42191f9d61a87d374bf125a74732f751d9a2dc4 (patch) | |
tree | 5ec332865cab7c1d868834bc703d99a106d11cf4 | |
parent | 52ee5feb07d1c2ad912ea1963e0142900b3b289e (diff) | |
avoid directory traversal
-rw-r--r-- | src/plugins/fs/download.c | 7 |
1 files changed, 7 insertions, 0 deletions
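--- a/src/plugins/fs/download.c
+++ b/src/plugins/fs/download.c
@@ -420,6 +420,7 @@ void displayDownloadComplete(const struct ECRS_URI * uri,
 GtkTreePath * path;
 struct ECRS_URI * u;
 char *dirPath;
+char *dotdot;
 
 pos = head;
 while (pos != NULL) {
@@ -527,6 +528,12 @@ void displayDownloadComplete(const struct ECRS_URI * uri,
 }
 fnURL[len] = 0;
 
+/* avoid directory traversal */
+while(dotdot = strstr("../")) {
+dotdot[0] = '_';
+dotdot[1] = '_';
+}
+
 /* If the file was downloaded before, fnURL is a symlink to
 dstFile */
 if ((READLINK(fnURL, dummy, 1) == -1) && (errno == EINVAL)) {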
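Review bot: The added loop calls `strstr("../")` with a single argument, so it has no string to search and will not compile against the standard two-argument prototype; the buffer meant to be sanitised is presumably `fnURL`, which is terminated just above and passed to `READLINK` just below, e.g. `while ((dotdot = strstr(fnURL, "../")) != NULL) {`. Even with that fixed, rewriting only the `../` substring leaves a trailing `..` component, a leading `/` and any backslash-separated `..\` untouched, so a per-component check that rejects `..` and absolute names, followed by a check that the final path stays under the download directory, would be a sturdier guard than substring replacement. displayDownloadComplete starts and ends outside both hunks, so how fnURL is assembled from the URI is not visible here and should be confirmed before relying on this filter.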