mirror of
https://github.com/falk-werner/webfuse
synced 2025-06-13 12:54:15 +00:00
fixes security issue: add_filesystem did not check name
parent
2775d42647
commit
75c7ff4b69
@ -1,6 +1,7 @@
|
|||||||
#include "webfuse/adapter/impl/server_protocol.h"
|
#include "webfuse/adapter/impl/server_protocol.h"
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
#include <ctype.h>
|
||||||
#include <libwebsockets.h>
|
#include <libwebsockets.h>
|
||||||
|
|
||||||
#include "webfuse/core/message.h"
|
#include "webfuse/core/message.h"
|
||||||
@ -129,6 +130,21 @@ static void wf_impl_server_protocol_authenticate(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool wf_impl_server_protocol_check_name(char const * value)
|
||||||
|
{
|
||||||
|
while ('\0' != *value)
|
||||||
|
{
|
||||||
|
char const c = * value;
|
||||||
|
if (!isalpha(c) && !isdigit(c) && ('_' != c))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
value++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
static void wf_impl_server_protocol_add_filesystem(
|
static void wf_impl_server_protocol_add_filesystem(
|
||||||
struct wf_impl_jsonrpc_request * request,
|
struct wf_impl_jsonrpc_request * request,
|
||||||
char const * WF_UNUSED_PARAM(method_name),
|
char const * WF_UNUSED_PARAM(method_name),
|
||||||
@ -145,12 +161,24 @@ static void wf_impl_server_protocol_add_filesystem(
|
|||||||
if (json_is_string(name_holder))
|
if (json_is_string(name_holder))
|
||||||
{
|
{
|
||||||
name = json_string_value(name_holder);
|
name = json_string_value(name_holder);
|
||||||
|
if (wf_impl_server_protocol_check_name(name))
|
||||||
|
{
|
||||||
bool const success = wf_impl_session_add_filesystem(session, name);
|
bool const success = wf_impl_session_add_filesystem(session, name);
|
||||||
if (!success)
|
if (!success)
|
||||||
{
|
{
|
||||||
status = WF_BAD;
|
status = WF_BAD;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
status = WF_BAD_FORMAT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
status = WF_BAD_FORMAT;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (WF_GOOD == status)
|
if (WF_GOOD == status)
|
||||||
|
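Review bot: In the new wf_impl_server_protocol_check_name, a plain `char` is passed to isalpha()/isdigit(), which is undefined behaviour for negative values; the name is taken from the request's JSON string, so bytes above 0x7f can reach this check where char is signed. Read the byte as `unsigned char const c = (unsigned char) *value;`. Both calls are also locale-dependent, so explicit range tests for `a`-`z`, `A`-`Z` and `0`-`9` would keep the accepted set fixed whatever setlocale() was called with. The loop never runs for an empty string, so `""` is reported as a valid name; unless wf_impl_session_add_filesystem (not visible here) rejects it, add `if ('\0' == *value) { return false; }` before the loop and consider an upper length bound too.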