From 596e5dd583a512e719074f5ae8f2b67f5c963f93 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 19 May 2014 16:16:34 +0000
Subject: Another sanity check on filename for GitHub issue #72
---
node/SoftwareUpdater.cpp | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'node')
diff --git a/node/SoftwareUpdater.cpp b/node/SoftwareUpdater.cpp
index 02da55db..8a9714fc 100644
--- a/node/SoftwareUpdater.cpp
+++ b/node/SoftwareUpdater.cpp
@@ -202,6 +202,11 @@ void SoftwareUpdater::_cbHandleGetLatestVersionBinary(void *arg,int code,const s
 }
 std::string updatesDir(_r->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
 std::string updateFilename(url.substr(lastSlash + 1));
+ if ((updateFilename.length() < 3)||(updateFilename.find("..") != std::string::npos)) {
+ LOG("software update failed: invalid URL: filename contains invalid characters");
+ upd->_status = UPDATE_STATUS_IDLE;
+ return;
+ }
 for(std::string::iterator c(updateFilename.begin());c!=updateFilename.end();++c) {
 // Only allow a list of whitelisted characters to make up the filename to prevent any
 // path shenanigans, esp on Windows where / is not the path separator.
--
cgit v1.2.3
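Review bot: The added guard on `updateFilename` logs "filename contains invalid characters" for both of its conditions, so a name rejected only for being shorter than 3 characters is misreported in the update log. A message that matches the check would be `LOG("software update failed: invalid URL: filename too short or contains \"..\"");`. The threshold is also unexplained, and a comment above the `if` such as `// Reject degenerate names ("", ".", "..") and any ".." sequence before the per-character whitelist below` would record the intent. The whitelist loop that follows continues outside the hunk, so it cannot be confirmed from here whether three-character Windows reserved device names or leading-dot names, which pass this guard, are rejected later. Since the filename comes from a remote URL, confirming that the final path stays inside `updatesDir` would be a stronger check than the substring test alone.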