fix dir traversal vuln

seu 2018-09-19 22:23:39 +02:00
parent 6070c58bd0
commit 2013eb21bf
1 changed files with 20 additions and 9 deletions


@ -188,16 +188,27 @@ impl Database for Filesystem {
// XXX: slow // XXX: slow
fn by_uid(&self, uid: &str) -> Option<Box<[u8]>> { fn by_uid(&self, uid: &str) -> Option<Box<[u8]>> {
let target = self.base.join("public").join("by-uid").join(uid); use std::fs;
File::open(target).ok().and_then(|mut fd| { let path = self.base.join("public").join("by-uid").join(uid);
let mut buf = Vec::default();
if fd.read_to_end(&mut buf).is_ok() { fs::canonicalize(path).ok()
Some(buf.into_boxed_slice()) .and_then(|p| {
} else { if p.starts_with(&self.base) {
None Some(p)
} } else {
}) None
}
}).and_then(|p| {
File::open(p).ok()
}).and_then(|mut fd| {
let mut buf = Vec::default();
if fd.read_to_end(&mut buf).is_ok() {
Some(buf.into_boxed_slice())
} else {
None
}
})
} }
} }
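Review bot: The new containment check in `by_uid` compares the canonicalized path against `self.base`, not against the `public/by-uid` directory the lookup is meant to serve. A `uid` with parent-directory components can therefore still resolve to any other file under the base directory, including anything stored outside `public`. I would canonicalize the intended root once, `let root = fs::canonicalize(self.base.join("public").join("by-uid")).ok()?;`, and test `p.starts_with(&root)` instead. This also removes the dependence on `self.base` already being canonical, which is not visible here; if it is relative or contains a symlink, the current check rejects every lookup. Rejecting any `uid` that is not a single normal path component before the join would make the intent explicit and avoid relying on filesystem resolution alone.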