On Wednesday 25 February 2009 18:52:52 [email protected] wrote:
> Author: toad
> Date: 2009-02-25 18:52:51 +0000 (Wed, 25 Feb 2009)
> New Revision: 25820
> 
> Modified:
>    trunk/freenet/src/freenet/clients/http/LocalFileInsertToadlet.java
> Log:
> Better fix for bug #2650

Is there any conceivable security risk in this change?
> 
> 
> Modified: trunk/freenet/src/freenet/clients/http/LocalFileInsertToadlet.java
> ===================================================================
> --- trunk/freenet/src/freenet/clients/http/LocalFileInsertToadlet.java        
2009-02-25 18:32:48 UTC (rev 25819)
> +++ trunk/freenet/src/freenet/clients/http/LocalFileInsertToadlet.java        
2009-02-25 18:52:51 UTC (rev 25820)
> @@ -55,6 +55,8 @@
>               if(furi != null)
>                       extra = "&key="+furi.toASCIIString();
>               
> +             File thisPath;
> +             
>               String path = request.getParam("path");
>               if (path.length() == 0) {
>                       if (currentPath == null) {
> @@ -64,7 +66,7 @@
>                       return;
>               }
>  
> -             currentPath = new File(path).getCanonicalFile();
> +             thisPath = new File(path).getCanonicalFile();
>               
>               
>               PageMaker pageMaker = toadletContext.getPageMaker();
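Review bot: the canonicalised, user-supplied path now lands in the local thisPath instead of the currentPath field, so the field is only updated once core.allowUploadFrom has accepted the directory; that is the substance of the fix, and a one-line comment at this assignment would help, since nothing at this site explains why currentPath is no longer assigned here.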
> @@ -72,12 +74,21 @@
>               HTMLNode pageNode = pageMaker.getPageNode(l10n("listingTitle", 
> "path", 
currentPath.getAbsolutePath()), toadletContext);
>               HTMLNode contentNode = pageMaker.getContentNode(pageNode);
>  
> -             if(!core.allowUploadFrom(currentPath)) {
> +             if(!core.allowUploadFrom(thisPath)) {
>                       HTMLNode infoboxE = 
contentNode.addChild(pageMaker.getInfobox("infobox-error",  "Forbidden"));
>                       HTMLNode infoboxEContent = 
> pageMaker.getContentNode(infoboxE);
>                       infoboxEContent.addChild("#", l10n("dirAccessDenied"));
>  
> -                     currentPath = new 
> File(System.getProperty("user.home")); // FIXME what 
if user.home is denied as well?
> +                     thisPath = currentPath;
> +                     if(!core.allowUploadFrom(thisPath)) {
> +                             File[] allowedDirs = 
> core.getAllowedUploadDirs();
> +                             if(allowedDirs.length == 0) {
> +                                     sendErrorPage(toadletContext, 403, 
> "Forbidden", 
l10n("dirAccessDenied"));
> +                                     return;
> +                             } else {
> +                                     thisPath = 
allowedDirs[core.node.fastWeakRandom.nextInt(allowedDirs.length)];
> +                             }
> +                     }
>               }
>  
>               if(toadletContext.isAllowedFullAccess())
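Review bot: the listing title built a few lines above this hunk still uses currentPath.getAbsolutePath(), so after this change the page is titled with the previously listed directory rather than the requested thisPath, and when the field is still null (the `if (currentPath == null)` test in the first hunk shows it can be) it dereferences null before allowUploadFrom is reached; the same null then flows into `thisPath = currentPath;` and `core.allowUploadFrom(thisPath)` in the fallback. Suggest building the title from thisPath and guarding the fallback with a null check so it goes straight to the getAllowedUploadDirs branch.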
> @@ -88,6 +99,9 @@
>               HTMLNode listingDiv = 
infoboxDiv.addChild("div", "class", "infobox-content");
>  
>               if (currentPath.exists() && currentPath.isDirectory() && 
currentPath.canRead()) {
> +                     // Known safe at this point
> +                     currentPath = thisPath;
> +
>                       File[] files = currentPath.listFiles();
>                       Arrays.sort(files, new Comparator<File>() {
>                               public int compare(File firstFile, File 
> secondFile) {
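Review bot: the `currentPath.exists() && currentPath.isDirectory() && currentPath.canRead()` condition is still evaluated on the old currentPath, and `currentPath = thisPath;` only happens inside it, so the newly requested thisPath is never checked for being a readable directory before `currentPath.listFiles()`; a path that passes allowUploadFrom but is a plain file or unreadable makes listFiles() return null and Arrays.sort throw a NullPointerException, while a valid new path is silently ignored whenever the previously listed directory has since gone away. Suggest testing thisPath in the condition (`if (thisPath.exists() && thisPath.isDirectory() && thisPath.canRead()) { currentPath = thisPath; ...`) so that the "Known safe at this point" comment is actually true.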


_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
