lucy-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mar...@apache.org
Subject svn commit: r930356 - in /lucene/lucy/trunk/core/Lucy: Store/FSFolder.c Test/Store/TestFSFolder.c
Date Fri, 02 Apr 2010 19:34:41 GMT
Author: marvin
Date: Fri Apr  2 19:34:41 2010
New Revision: 930356

URL: http://svn.apache.org/viewvc?rev=930356&view=rev
Log:
Don't allow FSFolder to access directories upwards of its own directory.

Modified:
    lucene/lucy/trunk/core/Lucy/Store/FSFolder.c
    lucene/lucy/trunk/core/Lucy/Test/Store/TestFSFolder.c

Modified: lucene/lucy/trunk/core/Lucy/Store/FSFolder.c
URL: http://svn.apache.org/viewvc/lucene/lucy/trunk/core/Lucy/Store/FSFolder.c?rev=930356&r1=930355&r2=930356&view=diff
==============================================================================
--- lucene/lucy/trunk/core/Lucy/Store/FSFolder.c (original)
+++ lucene/lucy/trunk/core/Lucy/Store/FSFolder.c Fri Apr  2 19:34:41 2010
@@ -230,6 +230,10 @@ FSFolder_local_find_folder(FSFolder *sel
     else if (!S_is_local_entry(name)) {
         return NULL;
     }
+    else if (CB_Starts_With_Str(name, ".", 1)) {
+        // Don't allow access outside of the main dir.
+        return NULL;
+    }
     else if (NULL != (subfolder = (Folder*)Hash_Fetch(self->entries, (Obj*)name))) {
         if (Folder_Is_A(subfolder, FOLDER)) {
             return subfolder;

Modified: lucene/lucy/trunk/core/Lucy/Test/Store/TestFSFolder.c
URL: http://svn.apache.org/viewvc/lucene/lucy/trunk/core/Lucy/Test/Store/TestFSFolder.c?rev=930356&r1=930355&r2=930356&view=diff
==============================================================================
--- lucene/lucy/trunk/core/Lucy/Test/Store/TestFSFolder.c (original)
+++ lucene/lucy/trunk/core/Lucy/Test/Store/TestFSFolder.c Fri Apr  2 19:34:41 2010
@@ -103,15 +103,39 @@ test_protect_symlinks(TestBatch *batch) 
 }
 
 void
+test_disallow_updir(TestBatch *batch)
+{
+    FSFolder *outer_folder = (FSFolder*)S_set_up();
+
+    CharBuf *foo = (CharBuf*)ZCB_WRAP_STR("foo", 3);
+    CharBuf *bar = (CharBuf*)ZCB_WRAP_STR("bar", 3);
+    FSFolder_MkDir(outer_folder, foo);
+    FSFolder_MkDir(outer_folder, bar);
+
+    CharBuf *inner_path = (CharBuf*)ZCB_WRAP_STR("_fstest/foo", 11);
+    FSFolder *foo_folder = FSFolder_new(inner_path);
+    CharBuf *up_bar = (CharBuf*)ZCB_WRAP_STR("../bar", 6);
+    ASSERT_FALSE(batch, FSFolder_Exists(foo_folder, up_bar), 
+        "up-dirs are inaccessible.");
+
+    DECREF(foo_folder);
+    FSFolder_Delete(outer_folder, foo);
+    FSFolder_Delete(outer_folder, bar);
+    DECREF(outer_folder);
+    S_tear_down();
+}
+
+void
 TestFSFolder_run_tests()
 {
-    u32_t num_tests = TestFolderCommon_num_tests() + 7;
+    u32_t num_tests = TestFolderCommon_num_tests() + 8;
     TestBatch *batch = TestBatch_new(num_tests);
 
     TestBatch_Plan(batch);
     test_Initialize_and_Check(batch);
     TestFolderCommon_run_tests(batch, S_set_up, S_tear_down);
     test_protect_symlinks(batch);
+    test_disallow_updir(batch);
 
     DECREF(batch);
 }



Mime
View raw message