Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix newline detection in zip paths.
  • Loading branch information
kentonv committed Mar 1, 2017
1 parent 4ea8df7 commit 6e8572e
Showing 1 changed file with 13 additions and 13 deletions.
26 changes: 13 additions & 13 deletions src/sandstorm/backup.c++
Expand Up @@ -252,23 +252,23 @@ void BackupMain::pump(kj::InputStream& in, kj::OutputStream& out) {
}

bool BackupMain::findFilesToZip(kj::StringPtr path, kj::OutputStream& out) {
// If the path contains a newline, we cannot correctly pass it to `zip` since `zip` expects
// one file per line. For security reasons, we must detect and filter out these files.
// Hopefully this never happens legitimately?
if (path.findFirst('\n') != nullptr) {
KJ_LOG(ERROR, "tried to backup file containing newlines", path);
return false;
}

struct stat stats;
KJ_SYSCALL(lstat(path.cStr(), &stats));
if (S_ISREG(stats.st_mode) || S_ISLNK(stats.st_mode)) {
// Regular file or link can be zipped; write to file stream.
// If the path contains a newline, we cannot correctly pass it to `zip` since `zip` expects
// one file per line. For security reasons, we must detect and filter out these files.
// Hopefully this never happens legitimately?
if (path.findFirst('\n') == nullptr) {
kj::ArrayPtr<const byte> pieces[2];
pieces[0] = path.asBytes();
pieces[1] = kj::StringPtr("\n").asBytes();
out.write(pieces);
return true;
} else {
KJ_LOG(ERROR, "tried to backup file containing newlines", path);
return false;
}
kj::ArrayPtr<const byte> pieces[2];
pieces[0] = path.asBytes();
pieces[1] = kj::StringPtr("\n").asBytes();
out.write(pieces);
return true;
} else if (S_ISDIR(stats.st_mode)) {
// Subdirectory; enumerate contents.
bool packedAny = false;
Expand Down

0 comments on commit 6e8572e

Please sign in to comment.