[Slirp] [PATCH v2] slirp: tftp: restrict relative path access
Samuel Thibault
samuel.thibault at ens-lyon.org
Sun Jan 12 19:17:07 UTC 2020
Hello,
P J P, le lun. 06 janv. 2020 16:41:46 +0530, a ecrit:
> memcpy(spt->filename, slirp->tftp_prefix, prefix_len);
> spt->filename[prefix_len] = '/';
> req_fname = spt->filename + prefix_len + 1;
>
> Separator added after tftp_prefix is '/', not '\\'. And tftp_read_data()
> opens the file as
>
> spt->fd = open(spt->filename, O_RDONLY | O_BINARY);
>
> "tftp_prefix/my_directory\\my_library\\my_file.txt"
>
> Likely open(2) would return an error for path like above?
IIRC the toolchains used on windows to build unixish programs accept
mixtures of / and \
> +-- On Thu, 2 Jan 2020, Eric Blake wrote --+
> | Maybe:
> | if (
> | #if G_OS_WIN32
> | strstr(req_fname, "..\\") ||
> | req_fname[strlen(req_fname) - 1] == '\\' ||
> | #endif
> | strstr(req_fname, "../") ||
> | req_fname[strlen(req_fname) - 1] == '/')
> |
> | although I'm not a fan of #if mid-expression.
>
> True, it'll be difficult to read/follow.
I'd be fine with the snippet above.
Samuel
More information about the Slirp
mailing list