mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

[#3906] Fix root-file handling

Browse Source 
Added changelog delta
src/lib/util/filesystem.cc
    PathChecker::validatePath() - catch root-file

src/lib/util/tests/filesystem_unittests.cc
    TEST_F(PathCheckerTest, validatePathEnforcePath)
    TEST_F(PathCheckerTest, validatePathEnforcePathFalse) -
    added test cases
This commit is contained in:
Thomas Markwalder 2025-05-23 15:51:11 -04:00
parent 5e29f8322d
commit bad7240b90
3 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
changelog_unreleased/3906-path-validation-should-reject-root-slash-file Normal file
View File

@ -0,0 +1,7 @@
[bug] tmark
Fixed an issue in path validation where
the opening slash in a root-file path such
as "/myfile.log" is discarded causing the server
to prepend the supported path to the file name
rather than reject the entry.
(Gitlab #3906)

8
src/lib/util/filesystem.cc
View File

@ -282,16 +282,18 @@ PathChecker::validatePath(const std::string input_path_str,
} }
auto parent_path = input_path.parentPath(); auto parent_path = input_path.parentPath();
if (!parent_path.empty()) { auto parent_dir = input_path.parentDirectory();
if (!parent_dir.empty()) {
if (!enforce_path) { if (!enforce_path) {
// Security set to lax, let it fly. // Security set to lax, let it fly.
return (input_path_str); return (input_path_str);
} }
// We only allow absolute path equal to default. Catch an invalid path. // We only allow absolute path equal to default. Catch an invalid path.
if (parent_path != path_) { if ((parent_path != path_) || (parent_dir == "/")) {
isc_throw(BadValue, "invalid path specified: '" isc_throw(BadValue, "invalid path specified: '"
<< parent_path << "', supported path is '" << (parent_path.empty() ? "/" : parent_path)
<< "', supported path is '"
<< path_ << "'"); << path_ << "'");
} }
} }

14
src/lib/util/tests/filesystem_unittests.cc
View File

@ -308,6 +308,13 @@ TEST_F(PathCheckerTest, validatePathEnforcePath) {
}; };
std::list<Scenario> scenarios = { std::list<Scenario> scenarios = {
{
// Invalid root parent path.
__LINE__,
"/mylib.so",
"",
string("invalid path specified: '/', supported path is '" + def_path + "'")
},
{ {
// Invalid parent path. // Invalid parent path.
__LINE__, __LINE__,
@ -383,6 +390,13 @@ TEST_F(PathCheckerTest, validatePathEnforcePathFalse) {
}; };
std::list<Scenario> scenarios = { std::list<Scenario> scenarios = {
{
// Invalid root parent path.
__LINE__,
"/mylib.so",
"/mylib.so",
"",
},
{ {
// Invalid parent path but shouldn't care. // Invalid parent path but shouldn't care.
__LINE__, __LINE__,