Skip to content

Commit

Permalink
o Adapt curl, wget documentation
Browse files Browse the repository at this point in the history 
o Log when someone attempts to break out of base config dir.
  • Loading branch information
@hzeller
hzeller committed Oct 4, 2012
1 parent caec690 commit c113afd
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 7 deletions.
10 changes: 5 additions & 5 deletions README.md
View file
Expand Up @@ -182,10 +182,10 @@ directory -- and the result is split between these two files.
To manually switch the configuration from the command line, you can use `wget` To manually switch the configuration from the command line, you can use `wget`
or `curl`, whatever you prefer: or `curl`, whatever you prefer:


wget -q -O/dev/null http://localhost:17322/settings?f=2 wget -q -O/dev/null http://localhost:17322/settings?f=highpass
curl http://localhost:17322/settings?f=2 curl http://localhost:17322/settings?f=SantaLucia


The parameter given to `f=` is the configuration in the same sequence you The parameter given to `f=` is the name of the subdirectory in your base
supplied on startup, starting to count from 1. Configuration 0 means configuration directory. An empty string is no filter, i.e. 'pass through'.
'no filter' (And no, there is no security built-in. If you want people from (And no, there is no security built-in. If you want people from
messing with the configuration of your Folve-daemon, do not use `-p <port>` :)). messing with the configuration of your Folve-daemon, do not use `-p <port>` :)).
15 changes: 13 additions & 2 deletions folve-filesystem.cc
View file
Expand Up @@ -656,20 +656,31 @@ bool FolveFilesystem::ListDirectory(const std::string &fs_dir,
return true; return true;
} }


bool FolveFilesystem::SwitchCurrentConfigDir(const std::string &subdir) { bool FolveFilesystem::SwitchCurrentConfigDir(const std::string &subdir_in) {
std::string subdir = subdir_in;
if (!subdir.empty()) { if (!subdir.empty()) {
std::string to_verify_path = base_config_dir_ + "/" + subdir; std::string to_verify_path = base_config_dir_ + "/" + subdir;
if (to_verify_path.length() > PATH_MAX) if (to_verify_path.length() > PATH_MAX)
return false; // uh, someone wants to buffer overflow us ? return false; // uh, someone wants to buffer overflow us ?
char all_path[PATH_MAX]; char all_path[PATH_MAX];
const char *verified = realpath(to_verify_path.c_str(), all_path); const char *verified = realpath(to_verify_path.c_str(), all_path);
if (verified == NULL) // bogus directory. if (verified == NULL) { // bogus directory.
syslog(LOG_INFO, "Filter config switch attempt to '%s': %s",
subdir.c_str(), strerror(errno));
return false; return false;
}
if (strncmp(verified, base_config_dir_.c_str(), if (strncmp(verified, base_config_dir_.c_str(),
base_config_dir_.length()) != 0) { base_config_dir_.length()) != 0) {
// Attempt to break out with ../-tricks. // Attempt to break out with ../-tricks.
syslog(LOG_INFO, "Filter config switch: Someone tries something nasty "
"changing filter to '%s'. Ha, in your face!", subdir.c_str());
return false; return false;
} }
// Derive from sanitized dir. So someone can write lowpass/../highpass
// or '.' for empty filter. Or ./highpass. And all work.
subdir = ((strlen(verified) == base_config_dir_.length())
? "" // chose subdir '.'
: verified + base_config_dir_.length() + 1 /*slash*/);
} }
if (subdir != current_config_subdir_) { if (subdir != current_config_subdir_) {
current_config_subdir_ = subdir; current_config_subdir_ = subdir;
Expand Down

0 comments on commit c113afd

Please sign in to comment.