mapper: check for "." and ".."

Make map_directory_child_fs() refuse the names "." and "..". This is currently the interface where an attacker may inject a manipulated path (through the "update" command).
2008-10-31 16:48:58 +01:00 · 2008-10-31 16:48:58 +01:00 · f291876772
parent a5f8d4386c
commit f291876772
1 changed files with 5 additions and 0 deletions
--- a/src/mapper.c
+++ b/src/mapper.c
@ -100,6 +100,11 @@ map_directory_child_fs(const struct directory *directory, const char *name,
 	char buffer2[MPD_PATH_MAX];
 	const char *parent_fs;

+	/* check for invalid or unauthorized base names */
+	if (*name == 0 || strchr(name, '/') != NULL ||
+	    strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
+		return NULL;
+
 	parent_fs = map_directory_fs(directory, buffer2);
 	if (parent_fs == NULL)
 		return NULL;