diff options
author | Colin Walters <walters@verbum.org> | 2011-11-16 23:23:30 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2011-11-16 23:23:30 -0500 |
commit | aa865bbb83c7e3f909a97b8ebccd024ee5b1afcc (patch) | |
tree | 1d666e016d54ebb84587eabc9556942c521c558f /src/libotutil/ot-unix-utils.c | |
parent | 4a26be1befefb05c67400247fcd381b103cf3985 (diff) | |
download | ostree-aa865bbb83c7e3f909a97b8ebccd024ee5b1afcc.tar.gz |
core: Validate file names read from directory variants
In a future where we pull data from remote servers, we don't want
to allow path uplinks.
Diffstat (limited to 'src/libotutil/ot-unix-utils.c')
-rw-r--r-- | src/libotutil/ot-unix-utils.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/libotutil/ot-unix-utils.c b/src/libotutil/ot-unix-utils.c index 24fcf8b3..2a2697f8 100644 --- a/src/libotutil/ot-unix-utils.c +++ b/src/libotutil/ot-unix-utils.c @@ -139,6 +139,31 @@ ot_util_filename_has_dotdot (const char *path) return last == '\0' || last == '/'; } +gboolean +ot_util_validate_file_name (const char *name, + GError **error) +{ + if (strcmp (name, ".") == 0) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Invalid self-reference '.' in filename '%s'", name); + return FALSE; + } + if (ot_util_filename_has_dotdot (name)) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Invalid path uplink '..' in filename '%s'", name); + return FALSE; + } + if (strchr (name, '/') != NULL) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Invalid / in filename '%s'", name); + return FALSE; + } + return TRUE; +} + GPtrArray * ot_util_path_split (const char *path) { |