powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1049 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 6441ca8477
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6441ca8477'
${ noResults }
base/SOURCES/0129-lib-add-a-function-che...

155 lines
5.1 KiB
Raw Blame History

From 54ecf8d017580b495d6501e53ca54e453a73a364 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Apr 2015 13:21:41 +0200
Subject: [LIBREPORT PATCH] lib: add a function checking file names
Move the code from ABRT and extend it a bit:
* allow only 64 characters
* allow '.' in names (vmcore_dmesg.txt)
* forbid '/'
* forbid "."
* forbid ".."
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/include/internal_libreport.h | 6 +++++
src/lib/concat_path_file.c | 25 ++++++++++++++++++++
tests/Makefile.am | 3 ++-
tests/dump_dir.at | 49 ++++++++++++++++++++++++++++++++++++++++
tests/testsuite.at | 1 +
5 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 tests/dump_dir.at
diff --git a/src/include/internal_libreport.h b/src/include/internal_libreport.h
index 4c5c72a..8d84fd4 100644
--- a/src/include/internal_libreport.h
+++ b/src/include/internal_libreport.h
@@ -132,6 +132,12 @@ char *concat_path_file(const char *path, const char *filename);
#define concat_path_basename libreport_concat_path_basename
char *concat_path_basename(const char *path, const char *filename);
+/* Allows all printable characters except '/',
+ * the string must not exceed 64 characters of length
+ * and must not equal neither "." nor ".." (these strings may appear in the string) */
+#define str_is_correct_filename libreport_str_is_correct_filename
+bool str_is_correct_filename(const char *str);
+
/* A-la fgets, but malloced and of unlimited size */
#define xmalloc_fgets libreport_xmalloc_fgets
char *xmalloc_fgets(FILE *file);
diff --git a/src/lib/concat_path_file.c b/src/lib/concat_path_file.c
index 39ae07a..24e4cbd 100644
--- a/src/lib/concat_path_file.c
+++ b/src/lib/concat_path_file.c
@@ -57,3 +57,28 @@ char *concat_path_basename(const char *path, const char *filename)
free(abspath);
return name;
}
+
+bool str_is_correct_filename(const char *str)
+{
+#define NOT_PRINTABLE(c) (c < ' ' || c == 0x7f)
+
+ if (NOT_PRINTABLE(*str) || *str == '/' || *str == '\0')
+ return false;
+ ++str;
+
+ if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.'))
+ return false;
+ ++str;
+
+ if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.' && *(str-2) == '.'))
+ return false;
+ ++str;
+
+ for (unsigned i = 0; *str != '\0' && i < 61; ++str, ++i)
+ if (NOT_PRINTABLE(*str) || *str == '/')
+ return false;
+
+ return *str == '\0';
+
+#undef NOT_PRINTABLE
+}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a680f05..eaf1ac2 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -42,7 +42,8 @@ TESTSUITE_AT = \
report_python.at \
xfuncs.at \
string_list.at \
- ureport.at
+ ureport.at \
+ dump_dir.at
EXTRA_DIST += $(TESTSUITE_AT)
TESTSUITE = $(srcdir)/testsuite
diff --git a/tests/dump_dir.at b/tests/dump_dir.at
new file mode 100644
index 0000000..a579243
--- /dev/null
+++ b/tests/dump_dir.at
@@ -0,0 +1,49 @@
+# -*- Autotest -*-
+
+AT_BANNER([dump directories])
+
+## ----------------------- ##
+## str_is_correct_filename ##
+## ----------------------- ##
+
+AT_TESTFUN([str_is_correct_filename],
+[[
+#include "internal_libreport.h"
+#include <assert.h>
+#
+int main(void)
+{
+ g_verbose = 3;
+
+ assert(str_is_correct_filename("") == false);
+ assert(str_is_correct_filename("/") == false);
+ assert(str_is_correct_filename("//") == false);
+ assert(str_is_correct_filename(".") == false);
+ assert(str_is_correct_filename(".") == false);
+ assert(str_is_correct_filename("..") == false);
+ assert(str_is_correct_filename("..") == false);
+ assert(str_is_correct_filename("/.") == false);
+ assert(str_is_correct_filename("//.") == false);
+ assert(str_is_correct_filename("./") == false);
+ assert(str_is_correct_filename(".//") == false);
+ assert(str_is_correct_filename("/./") == false);
+ assert(str_is_correct_filename("/..") == false);
+ assert(str_is_correct_filename("//..") == false);
+ assert(str_is_correct_filename("../") == false);
+ assert(str_is_correct_filename("..//") == false);
+ assert(str_is_correct_filename("/../") == false);
+ assert(str_is_correct_filename("/.././") == false);
+
+ assert(str_is_correct_filename("looks-good-but-evil/") == false);
+ assert(str_is_correct_filename("looks-good-but-evil/../../") == false);
+
+ assert(str_is_correct_filename(".meta-data") == true);
+ assert(str_is_correct_filename("..meta-meta-data") == true);
+ assert(str_is_correct_filename("meta-..-data") == true);
+
+ assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-") == true);
+ assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-=") == false);
+
+ return 0;
+}
+]])
diff --git a/tests/testsuite.at b/tests/testsuite.at
index abad32b..41107e7 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -17,3 +17,4 @@ m4_include([xml_definition.at])
m4_include([report_python.at])
m4_include([string_list.at])
m4_include([ureport.at])
+m4_include([dump_dir.at])
--
1.8.3.1