ganeshmurthy commented on a change in pull request #979:
URL: https://github.com/apache/qpid-dispatch/pull/979#discussion_r556884981
##########
File path: src/connection_manager.c
##########
@@ -156,6 +157,44 @@ static qd_config_sasl_plugin_t
*qd_find_sasl_plugin(qd_connection_manager_t *cm,
return 0;
}
+
+/**
+ * qdcm_normalize_filename
+ *
+ * If the infile (file name) is absolute or null, simply pass it through. If
it is
+ * relative (contains no slashes or ".."), check to see if the file is in the
temporary
+ * store. If it is, return the full path to the location of the file in the
temporary
+ * store.
+ *
+ * If a new string is allocated to handle the return value, free infile.
+ *
+ * Set the qd_error if there is an error condition.
+ */
+static char* qdcm_normalize_filename(char* infile)
+{
+ if (!infile || *infile == '/' || *infile == '\\')
+ return infile;
+
+ if (!!strchr(infile, '/') || !!strchr(infile, '\\') || !!strstr(infile,
"..")) {
+ qd_error(QD_ERROR_CONFIG, "Relative filename '%s' contains '/', '\\',
or '..'", infile);
+ return infile;
+ }
+
+ if (!qd_temp_is_store_created()) {
+ qd_error(QD_ERROR_CONFIG, "Relative filename '%s' provided, but the
temp store has not been created", infile);
Review comment:
What about the case when a user accidentally puts in a relative filename
and knows nothing about the temp store, this log message is potentially
confusing?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
