authorAdam Ierymenko <adam.ierymenko@gmail.com>2014-05-19 16:16:34 +0000
committerAdam Ierymenko <adam.ierymenko@gmail.com>2014-05-19 16:16:34 +0000
commit596e5dd583a512e719074f5ae8f2b67f5c963f93 (patch)
treea977b38e6ed5b11031135343bb43b68f48ca5a50 /node
parentb958a2d30c69434e1a2b8be927100e16c6eb4554 (diff)
downloadinfinitytier-596e5dd583a512e719074f5ae8f2b67f5c963f93.tar.gz
infinitytier-596e5dd583a512e719074f5ae8f2b67f5c963f93.zip
Another sanity check on filename for GitHub issue #72
Diffstat (limited to 'node')
-rw-r--r--node/SoftwareUpdater.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/node/SoftwareUpdater.cpp b/node/SoftwareUpdater.cpp
index 02da55db..8a9714fc 100644
--- a/node/SoftwareUpdater.cpp
+++ b/node/SoftwareUpdater.cpp
@@ -202,6 +202,11 @@ void SoftwareUpdater::_cbHandleGetLatestVersionBinary(void *arg,int code,const s
}
std::string updatesDir(_r->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::string updateFilename(url.substr(lastSlash + 1));
+ if ((updateFilename.length() < 3)||(updateFilename.find("..") != std::string::npos)) {
+ LOG("software update failed: invalid URL: filename contains invalid characters");
+ upd->_status = UPDATE_STATUS_IDLE;
+ return;
+ }
for(std::string::iterator c(updateFilename.begin());c!=updateFilename.end();++c) {
// Only allow a list of whitelisted characters to make up the filename to prevent any
// path shenanigans, esp on Windows where / is not the path separator.
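Review bot: The diagnostic on the second added line is wrong for half of the condition it reports on: a filename shorter than three characters (an empty name from a trailing slash, or "." / "..") is logged as "contains invalid characters", which will send whoever reads the log looking for the wrong cause. Suggest `LOG("software update failed: invalid URL: filename too short or contains '..'");` so the message matches the check. The `..` rejection only does anything if the whitelist loop that follows accepts '.', which appears to be the case here but is not visible in the hunk; a one-line comment above the new `if`, such as `// Reject path traversal and degenerate names before the per-character whitelist below`, would record why both checks exist. _cbHandleGetLatestVersionBinary starts before the hunk, so whether lastSlash is already validated against npos cannot be confirmed from these lines.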