Skip to content

Commit

Permalink
[backend] only allow plain files in cpio_sender
Browse files Browse the repository at this point in the history
No devices, sockets, directories, symlinks please...
  • Loading branch information
mlschroe committed Mar 17, 2017
1 parent b740712 commit ba27c91
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions src/backend/BSHTTP.pm
Original file line number Diff line number Diff line change
Expand Up @@ -448,13 +448,24 @@ sub cpio_sender {
my $filename = $file->{'filename'};
if (ref($filename)) {
*F = $filename;
} elsif (!open(F, '<', $filename)) {
$errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
next;
} else {
@s = lstat($filename);
if (!@s) {
$errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
next;
}
if (-l _ || ! -f _) {
$errors->{'data'} .= "$file->{'name'}: $filename: not a plain file\n";
next;
}
if (!open(F, '<', $filename)) {
$errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
next;
}
}
@s = stat(F);
if (!@s) {
$errors->{'data'} .= "$file->{'name'}: stat: $!\n";
$errors->{'data'} .= "$file->{'name'}: fstat: $!\n";
close F unless ref $filename;
next;
}
Expand Down

0 comments on commit ba27c91

Please sign in to comment.