-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix security checks in
PathBuf::FromSegments
.
In #134, @tunz discovered that Rocket does not properly prevent path traversal or local file inclusion attacks. The issue is caused by a failure to check for some dangerous characters after decoding. In this case, the path separator '/' was left as-is after decoding. As such, an attacker could construct a path with containing any number of `..%2f..` sequences to traverse the file system. This commit resolves the issue by ensuring that the decoded segment does not contains any `/` characters. It further hardens the `FromSegments` implementation by checking for additional risky characters: ':', '>', '<' as the last character, and '\' on Windows. This is in addition to the already present checks for '.' and '*' as the first character. The behavior for a failing check has also changed. Previously, Rocket would skip segments that contained illegal characters. In this commit, the implementation instead return an error. The `Error` type of the `PathBuf::FromSegment` implementations was changed to a new `SegmentError` type that indicates the condition that failed. Closes #134.
- Loading branch information
1 parent
41aecc3
commit 4bc5c20
Showing
3 changed files
with
53 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters