|
 |
daae2c |
From 36285fde744edd164f1f18990e892f5da92ca1ca Mon Sep 17 00:00:00 2001
|
|
|
daae2c |
From: Stef Walter <stefw@redhat.com>
|
|
|
daae2c |
Date: Sun, 9 Sep 2018 09:33:00 +0200
|
|
|
daae2c |
Subject: [PATCH 1/2] common: Handle use of NULL string in web_response_file
|
|
|
daae2c |
|
|
|
daae2c |
The function g_uri_unescape_string can return a NULL response
|
|
|
daae2c |
if the escaped string is invalid.
|
|
|
daae2c |
|
|
|
daae2c |
Closes #10028
|
|
|
daae2c |
---
|
|
|
daae2c |
src/common/cockpitwebresponse.c | 2 +-
|
|
|
daae2c |
src/common/test-webresponse.c | 18 ++++++++++++++++++
|
|
|
daae2c |
2 files changed, 19 insertions(+), 1 deletion(-)
|
|
|
daae2c |
|
|
|
daae2c |
diff --git a/src/common/cockpitwebresponse.c b/src/common/cockpitwebresponse.c
|
|
|
daae2c |
index 0fee95920..d156bc319 100644
|
|
|
daae2c |
--- a/src/common/cockpitwebresponse.c
|
|
|
daae2c |
+++ b/src/common/cockpitwebresponse.c
|
|
|
daae2c |
@@ -1300,7 +1300,7 @@ web_response_file (CockpitWebResponse *response,
|
|
|
daae2c |
|
|
|
daae2c |
/* Someone is trying to escape the root directory, or access hidden files? */
|
|
|
daae2c |
unescaped = g_uri_unescape_string (escaped, NULL);
|
|
|
daae2c |
- if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//"))
|
|
|
daae2c |
+ if (!unescaped || strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//"))
|
|
|
daae2c |
{
|
|
|
daae2c |
g_debug ("%s: invalid path request", escaped);
|
|
|
daae2c |
cockpit_web_response_error (response, 404, NULL, "Not Found");
|
|
|
daae2c |
diff --git a/src/common/test-webresponse.c b/src/common/test-webresponse.c
|
|
|
daae2c |
index fd2793dc3..4ad72b967 100644
|
|
|
daae2c |
--- a/src/common/test-webresponse.c
|
|
|
daae2c |
+++ b/src/common/test-webresponse.c
|
|
|
daae2c |
@@ -293,6 +293,22 @@ test_file_breakout_denied (TestCase *tc,
|
|
|
daae2c |
free (root);
|
|
|
daae2c |
}
|
|
|
daae2c |
|
|
|
daae2c |
+static void
|
|
|
daae2c |
+test_file_encoding_denied (TestCase *tc,
|
|
|
daae2c |
+ gconstpointer user_data)
|
|
|
daae2c |
+{
|
|
|
daae2c |
+ gchar *root = realpath ( SRCDIR "/src", NULL);
|
|
|
daae2c |
+ const gchar *roots[] = { root, NULL };
|
|
|
daae2c |
+ const gchar *breakout = "/common/Makefile-common.am%00";
|
|
|
daae2c |
+ gchar *check = g_build_filename (roots[0], "common", "Makefile-common.am", NULL);
|
|
|
daae2c |
+ g_assert (root);
|
|
|
daae2c |
+ g_assert (g_file_test (check, G_FILE_TEST_EXISTS));
|
|
|
daae2c |
+ g_free (check);
|
|
|
daae2c |
+ cockpit_web_response_file (tc->response, breakout, roots);
|
|
|
daae2c |
+ cockpit_assert_strmatch (output_as_string (tc), "HTTP/1.1 404*");
|
|
|
daae2c |
+ free (root);
|
|
|
daae2c |
+}
|
|
|
daae2c |
+
|
|
|
daae2c |
static void
|
|
|
daae2c |
test_file_breakout_non_existant (TestCase *tc,
|
|
|
daae2c |
gconstpointer user_data)
|
|
|
daae2c |
@@ -1422,6 +1438,8 @@ main (int argc,
|
|
|
daae2c |
setup, test_file_access_denied, teardown);
|
|
|
daae2c |
g_test_add ("/web-response/file/breakout-denied", TestCase, NULL,
|
|
|
daae2c |
setup, test_file_breakout_denied, teardown);
|
|
|
daae2c |
+ g_test_add ("/web-response/file/invalid-encoding-denied", TestCase, NULL,
|
|
|
daae2c |
+ setup, test_file_encoding_denied, teardown);
|
|
|
daae2c |
g_test_add ("/web-response/file/breakout-non-existant", TestCase, NULL,
|
|
|
daae2c |
setup, test_file_breakout_non_existant, teardown);
|
|
|
daae2c |
g_test_add ("/web-reponse/file/template", TestCase, &template_fixture,
|
|
|
daae2c |
--
|
|
|
daae2c |
2.17.1
|
|
|
daae2c |
|