core: Validate file names read from directory variants

In a future where we pull data from remote servers, we don't want
to allow path uplinks.

1 files changed, 25 insertions, 0 deletions

diff --git a/src/libotutil/ot-unix-utils.c b/src/libotutil/ot-unix-utils.c
index 24fcf8b3..2a2697f8 100644
--- a/src/libotutil/ot-unix-utils.c
+++ b/src/libotutil/ot-unix-utils.c
@@ -139,6 +139,31 @@ ot_util_filename_has_dotdot (const char *path)
   return last == '\0' || last == '/';
 }
 
+gboolean
+ot_util_validate_file_name (const char *name,
+                            GError    **error)
+{
+  if (strcmp (name, ".") == 0)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid self-reference '.' in filename '%s'", name);
+      return FALSE;
+    }
+  if (ot_util_filename_has_dotdot (name))
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid path uplink '..' in filename '%s'", name);
+      return FALSE;
+    }
+  if (strchr (name, '/') != NULL)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid / in filename '%s'", name);
+      return FALSE;
+    }
+  return TRUE;
+}
+
 GPtrArray *
 ot_util_path_split (const char *path)
 {