[Slirp] [PATCH v2] slirp: tftp: restrict relative path access

P J P ppandit at redhat.com
Thu Jan 2 18:07:25 UTC 2020


+-- On Thu, 2 Jan 2020, Eric Blake wrote --+
| On 1/2/20 5:12 AM, P J P wrote:
| > Update v2: add conditional compilation of rules with G_OS_WIN32
| >   https://lists.freedesktop.org/archives/slirp/2020-January/000024.html
| >
| > "/../")) {
| > +#ifdef G_OS_WIN32
| > +    if (strstr(req_fname, "..\\") || req_fname[strlen(req_fname) - 1] ==
| > '\\') {
| > +#else
| > +    if (strstr(req_fname, "../") || req_fname[strlen(req_fname) - 1] ==
| > '/') {
| > +#endif
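Review bot: In both branches, req_fname[strlen(req_fname) - 1] reads one byte before the string if req_fname is an empty string, so test for a non-empty name before indexing its last character. The G_OS_WIN32 branch also checks only "..\\" and a trailing '\\', which leaves "../" and a trailing '/' unchecked in Windows builds; applying both separator tests unconditionally, rather than under #ifdef/#else, would cover both forms.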
| 
| Note that Windows allows you to pass "foo/../bar" in place of "foo\\..\\bar"
| and still resolves to the same file, which means your fix is incomplete.

Oh, in that case maybe the earlier version of the patch, without conditional
rules, would work better?

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
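
Added example, not part of the original message or of libslirp's code: a C check for the point raised in the reply above, treating both '/' and '\\' as separators on every platform. The names is_sep and tftp_name_is_unsafe and the sample file names are hypothetical; the function compares whole path components against ".." (a generalization of the patch's substring test) and assumes an empty name should be refused.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from libslirp): accept both '/' and '\\' as
 * separators regardless of the build platform. */
static bool is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* Returns true when the requested name must be refused: it is empty (an
 * assumption of this example), ends in a separator, or has a ".." component. */
bool tftp_name_is_unsafe(const char *name)
{
    size_t len = strlen(name);
    size_t start = 0;

    if (len == 0 || is_sep(name[len - 1])) {
        return true; /* length checked before indexing the last byte */
    }
    for (size_t i = 0; i <= len; i++) {
        if (i == len || is_sep(name[i])) {
            /* The current component is name[start .. i-1]. */
            if (i - start == 2 && name[start] == '.' && name[start + 1] == '.') {
                return true;
            }
            start = i + 1;
        }
    }
    return false;
}

int main(void)
{
    /* Constructed sample names, not taken from the thread's test data. */
    const char *samples[] = { "boot/pxelinux.0", "foo/../bar", "foo\\..\\bar",
                              "foo/..\\bar", "dir/", "..", "" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-16s -> %s\n", samples[i],
               tftp_name_is_unsafe(samples[i]) ? "reject" : "allow");
    }
    return 0;
}
```

On non-Windows hosts a backslash is a legal file-name character, so this check is deliberately conservative there and refuses some names that would not traverse.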


