diff options
| author | Prasad J Pandit <pjp@fedoraproject.org> | 2020-01-13 17:44:31 +0530 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2020-01-14 21:40:50 +0100 |
| commit | 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 (patch) | |
| tree | 29563378bd954a69d37f9597667dc076c18598b1 /src | |
| parent | 82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 (diff) | |
| download | slirp-14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.zip slirp-14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.tar.gz slirp-14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.tar.bz2 | |
slirp: tftp: restrict relative path access
tftp restricts relative or directory path access on Linux systems.
Apply same restrictions on Windows systems too. It helps to avoid
directory traversal issue.
Fixes: https://bugs.launchpad.net/qemu/+bug/1812451
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20200113121431.156708-1-ppandit@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/tftp.c | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas, k += 6; /* skipping octet */ /* do sanity checks on the filename */ - if (!strncmp(req_fname, "../", 3) || - req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) { + if ( +#ifdef G_OS_WIN32 + strstr(req_fname, "..\\") || + req_fname[strlen(req_fname) - 1] == '\\' || +#endif + strstr(req_fname, "../") || + req_fname[strlen(req_fname) - 1] == '/') { tftp_send_error(spt, 2, "Access violation", tp); return; } |