[Libreoffice-commits] online.git: 2 commits - loolwsd/LOOLWSD.cpp

Jan Holesovsky kendy at collabora.com
Wed Jan 13 07:51:56 PST 2016


 loolwsd/LOOLWSD.cpp |   36 +++++++++++++++++++++++++++---------
 1 file changed, 27 insertions(+), 9 deletions(-)

New commits:
commit d20eaa3014d8bee27c41b8447323a4e6166e1d07
Author: Jan Holesovsky <kendy at collabora.com>
Date:   Wed Jan 13 16:35:55 2016 +0100

    loolwsd: More protection when inserting image.

diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 07dbcf2..b4d1e5e 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -374,16 +374,34 @@ public:
                 std::string tmpPath;
                 ConvertToPartHandler handler(tmpPath);
                 Poco::Net::HTMLForm form(request, request.stream(), handler);
-                if (form.has("childid") && form.has("name"))
-                {
-                    const std::string dirPath = LOOLWSD::childRoot + form.get("childid")
-                                              + JailedDocumentRoot + "insertfile";
-                    File(dirPath).createDirectories();
-                    std::string fileName = dirPath + Path::separator() + form.get("name");
-                    File(tmpPath).moveTo(fileName);
 
-                    response.setStatus(HTTPResponse::HTTP_OK);
-                    response.send();
+                bool goodRequest = form.has("childid") && form.has("name");
+                std::string formChildid(form.get("childid"));
+                std::string formName(form.get("name"));
+
+                // protect against attempts to inject something funny here
+                if (goodRequest && formChildid.find('/') != std::string::npos && formName.find('/') != std::string::npos)
+                    goodRequest = false;
+
+                if (goodRequest)
+                {
+                    try {
+                        Log::info() << "Perform insertfile: " << formChildid << ", " << formName << Log::end;
+                        const std::string dirPath = LOOLWSD::childRoot + formChildid
+                                                  + JailedDocumentRoot + "insertfile";
+                        File(dirPath).createDirectories();
+                        std::string fileName = dirPath + Path::separator() + form.get("name");
+                        File(tmpPath).moveTo(fileName);
+
+                        response.setStatus(HTTPResponse::HTTP_OK);
+                        response.send();
+                    }
+                    catch (const IOException& exc)
+                    {
+                        Log::info() << "IOException: " << exc.message() << Log::end;
+                        response.setStatus(HTTPResponse::HTTP_BAD_REQUEST);
+                        response.send();
+                    }
                 }
                 else
                 {
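Review bot: The slash check rejects a request only when both `formChildid` and `formName` contain `/`, since the two `find` tests are joined with `&&`; a separator in just one of them still reaches `createDirectories()` and `moveTo()`. The condition should be `if (goodRequest && (formChildid.find('/') != std::string::npos || formName.find('/') != std::string::npos))`, and it would be worth also rejecting an empty value and `.`/`..`, which contain no separator. The two `form.get()` calls above it run before `goodRequest` is consulted, and Poco's single-argument `get` throws when the field is absent, so `form.get("childid", "")` and `form.get("name", "")` would keep a malformed request on the `else` path. The handler body starts and ends outside this hunk, so how the `else` branch responds is not visible here.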
commit b47fe0bd0bc5d007286d722a183b2b77d1220c08
Author: Jan Holesovsky <kendy at collabora.com>
Date:   Wed Jan 13 16:20:48 2016 +0100

    loolwsd: Fix inserting of images into files opened via http://

diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 51bd75c..07dbcf2 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -378,7 +378,7 @@ public:
                 {
                     const std::string dirPath = LOOLWSD::childRoot + form.get("childid")
                                               + JailedDocumentRoot + "insertfile";
-                    File(dirPath).createDirectory();
+                    File(dirPath).createDirectories();
                     std::string fileName = dirPath + Path::separator() + form.get("name");
                     File(tmpPath).moveTo(fileName);
 

