VirtualBox

Changeset 93228 in vbox for trunk


Timestamp:
Jan 13, 2022 4:29:42 PM (3 years ago)
Author:
vboxsync
Message:

NAT/tftp: bugref:9350 - Fix the ".." check.

File:
1 edited

  • trunk/src/VBox/Devices/Network/slirp/tftp.c

    r93115 r93228  
    156156        *s++ = '/';
    157157
    158     /* deny attempts to break out of tftp dir */
    159     if (RTStrStartsWith(pTftpSession->szFilename, "../"))
     158    /* deny dot-dot by itself or at the beginning */
     159    if (   pTftpSession->szFilename[0] == '.'
     160        && pTftpSession->szFilename[1] == '.'
     161        && (   pTftpSession->szFilename[2] == '\0'
     162            || pTftpSession->szFilename[2] == '/'))
    160163        goto done;
    161164
     165    /* deny dot-dot in the middle */
     166    if (RTStrStr(pTftpSession->szFilename, "/../") != NULL)
     167        goto done;
     168
     169    /* deny dot-dot at the end (there's no RTStrEndsWith) */
    162170    const char *dotdot = RTStrStr(pTftpSession->szFilename, "/..");
    163     if (dotdot != NULL && (dotdot[3] == '/' || dotdot[3] == '\0'))
     171    if (dotdot != NULL && dotdot[3] == '\0')
    164172        goto done;
    165173
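Review bot: The end-of-name check at new lines 170-171 only inspects the first "/.." that RTStrStr returns, so a trailing "/.." goes undetected whenever an earlier path component merely begins with two dots: the first match is then followed by another character, `dotdot[3] == '\0'` is false, and the "/../" test above does not cover a name that ends without a slash. Since the comment already notes there is no RTStrEndsWith, test the tail directly instead: take the length of szFilename and, when it is at least 3, compare the last three characters against "/..". Alternatively, keep searching from `dotdot + 1` until RTStrStr returns NULL, so that every occurrence is examined rather than only the first.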