From 54ecf8d017580b495d6501e53ca54e453a73a364 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Apr 2015 13:21:41 +0200
Subject: [LIBREPORT PATCH] lib: add a function checking file names
Move the code from ABRT and extend it a bit:
* allow only 64 characters
* allow '.' in names (vmcore_dmesg.txt)
* forbid '/'
* forbid "."
* forbid ".."
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/include/internal_libreport.h | 6 +++++
src/lib/concat_path_file.c | 25 ++++++++++++++++++++
tests/Makefile.am | 3 ++-
tests/dump_dir.at | 49 ++++++++++++++++++++++++++++++++++++++++
tests/testsuite.at | 1 +
5 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 tests/dump_dir.at
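diff --git a/src/include/internal_libreport.h b/src/include/internal_libreport.h
index 4c5c72a..8d84fd4 100644
--- a/src/include/internal_libreport.h
+++ b/src/include/internal_libreport.h
@@ -132,6 +132,12 @@ char *concat_path_file(const char *path, const char *filename);
 #define concat_path_basename libreport_concat_path_basename
 char *concat_path_basename(const char *path, const char *filename);
 
+/* Allows all printable characters except '/',
+ * the string must not exceed 64 characters of length
+ * and must not equal neither "." nor ".." (these strings may appear in the string) */
+#define str_is_correct_filename libreport_str_is_correct_filename
+bool str_is_correct_filename(const char *str);
+
 /* A-la fgets, but malloced and of unlimited size */
 #define xmalloc_fgets libreport_xmalloc_fgets
 char *xmalloc_fgets(FILE *file);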
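Review bot: The comment above `str_is_correct_filename` does not say that `str` must be non-NULL, and it leaves "printable" undefined for bytes above 0x7e, so a caller reading only this header cannot tell which names are refused. The implementation in concat_path_file.c dereferences `*str` on its first line, so the precondition is real. I would state the contract in one place, for example `/* Returns true if str is 1 to 64 bytes long, holds no control character, DEL or '/', and is neither "." nor ".."; str must not be NULL. */`. Whether non-ASCII bytes are accepted should be written down as well, once that is decided.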
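diff --git a/src/lib/concat_path_file.c b/src/lib/concat_path_file.c
index 39ae07a..24e4cbd 100644
--- a/src/lib/concat_path_file.c
+++ b/src/lib/concat_path_file.c
@@ -57,3 +57,28 @@ char *concat_path_basename(const char *path, const char *filename)
 free(abspath);
 return name;
 }
+
+bool str_is_correct_filename(const char *str)
+{
+#define NOT_PRINTABLE(c) (c < ' ' || c == 0x7f)
+
+ if (NOT_PRINTABLE(*str) || *str == '/' || *str == '\0')
+ return false;
+ ++str;
+
+ if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.'))
+ return false;
+ ++str;
+
+ if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.' && *(str-2) == '.'))
+ return false;
+ ++str;
+
+ for (unsigned i = 0; *str != '\0' && i < 61; ++str, ++i)
+ if (NOT_PRINTABLE(*str) || *str == '/')
+ return false;
+
+ return *str == '\0';
+
+#undef NOT_PRINTABLE
+}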
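Review bot: Every one- and two-character name is refused, not only "." and "..": in the second and third `if`, `NOT_PRINTABLE(*str)` is already true when `*str` is `'\0'` (0 is below `' '`), so the `*str == '\0' && *(str-1) == '.'` clauses never decide anything and a name such as `a` or `ab` returns false. That fails closed, but it contradicts the header comment and would reject legitimate short element names. The macro also compares a plain `char`, so bytes of 0x80 and above are refused where `char` is signed and accepted where it is unsigned, which makes the validator's answer platform-dependent. A single bounded loop with an explicit byte range, as below, keeps the 64-character limit and the "."/".." rule; it assumes non-ASCII bytes are meant to be refused, as they are today on signed-char platforms.

```c
bool str_is_correct_filename(const char *str)
{
    /* "." and ".." are the only dot-only names that are refused */
    if (str[0] == '.' && (str[1] == '\0' || (str[1] == '.' && str[2] == '\0')))
        return false;

    unsigned len = 0;
    for (; str[len] != '\0'; ++len)
    {
        const unsigned char c = (unsigned char)str[len];
        /* explicit range: the result no longer depends on the signedness of char */
        if (len >= 64 || c < ' ' || c >= 0x7f || c == '/')
            return false;
    }

    /* the empty string is not a file name */
    return len != 0;
}
```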
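diff --git a/tests/Makefile.am b/tests/Makefile.am
index a680f05..eaf1ac2 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -42,7 +42,8 @@ TESTSUITE_AT = \
 report_python.at \
 xfuncs.at \
 string_list.at \
- ureport.at
+ ureport.at \
+ dump_dir.at
 
 EXTRA_DIST += $(TESTSUITE_AT)
 TESTSUITE = $(srcdir)/testsuite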
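diff --git a/tests/dump_dir.at b/tests/dump_dir.at
new file mode 100644
index 0000000..a579243
--- /dev/null
+++ b/tests/dump_dir.at
@@ -0,0 +1,49 @@
+# -*- Autotest -*-
+
+AT_BANNER([dump directories])
+
+## ----------------------- ##
+## str_is_correct_filename ##
+## ----------------------- ##
+
+AT_TESTFUN([str_is_correct_filename],
+[[
+#include "internal_libreport.h"
+#include <assert.h>
+#
+int main(void)
+{
+ g_verbose = 3;
+
+ assert(str_is_correct_filename("") == false);
+ assert(str_is_correct_filename("/") == false);
+ assert(str_is_correct_filename("//") == false);
+ assert(str_is_correct_filename(".") == false);
+ assert(str_is_correct_filename(".") == false);
+ assert(str_is_correct_filename("..") == false);
+ assert(str_is_correct_filename("..") == false);
+ assert(str_is_correct_filename("/.") == false);
+ assert(str_is_correct_filename("//.") == false);
+ assert(str_is_correct_filename("./") == false);
+ assert(str_is_correct_filename(".//") == false);
+ assert(str_is_correct_filename("/./") == false);
+ assert(str_is_correct_filename("/..") == false);
+ assert(str_is_correct_filename("//..") == false);
+ assert(str_is_correct_filename("../") == false);
+ assert(str_is_correct_filename("..//") == false);
+ assert(str_is_correct_filename("/../") == false);
+ assert(str_is_correct_filename("/.././") == false);
+
+ assert(str_is_correct_filename("looks-good-but-evil/") == false);
+ assert(str_is_correct_filename("looks-good-but-evil/../../") == false);
+
+ assert(str_is_correct_filename(".meta-data") == true);
+ assert(str_is_correct_filename("..meta-meta-data") == true);
+ assert(str_is_correct_filename("meta-..-data") == true);
+
+ assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-") == true);
+ assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-=") == false);
+
+ return 0;
+}
+]])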
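Review bot: None of the accepted cases is shorter than ten characters and none of the rejected cases contains a control character or DEL, so the accepting path of the first three per-character checks and the `NOT_PRINTABLE` rejection are never exercised. I would add `assert(str_is_correct_filename("a") == true);` and `assert(str_is_correct_filename("ab") == true);` next to the `.meta-data` cases, and `assert(str_is_correct_filename("a\tb") == false);` with the rejections. As rendered here the `"."` and `".."` assertions each appear twice with identical arguments, so one copy of each can go. Because every check is an `assert`, a build with `NDEBUG` defined would let this test pass without checking anything.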
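diff --git a/tests/testsuite.at b/tests/testsuite.at
index abad32b..41107e7 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -17,3 +17,4 @@ m4_include([xml_definition.at])
 m4_include([report_python.at])
 m4_include([string_list.at])
 m4_include([ureport.at])
+m4_include([dump_dir.at])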
--
1.8.3.1