[freenet-dev] [freenet-cvs] r12155 - trunk/freenet/src/freenet/node/fcp

Fri, 16 Mar 2007 21:35:06 +0000 

There is a potential race condition here. You MUST pass in arguments to
FileOutputStream telling it not to overwrite an existing file, in the
case that the argument was passed in by the client. Or you can get e.g.
symlink attacks.

BTW, why so many options? Why not simply *always* generate a new temp
file to write to? Simplicity is good...

Also didn't you say it would be restricted to the download dir? I'm not
convinced that's a good idea admittedly - you might want a list of
allowed dirs anyway?

On Fri, Mar 16, 2007 at 05:43:47PM +0000, saces at freenetproject.org wrote:
> Author: saces
> Date: 2007-03-16 17:43:46 +0000 (Fri, 16 Mar 2007)
> New Revision: 12155
> 
> Added:
>    trunk/freenet/src/freenet/node/fcp/TestDDAMessage.java
> Log:
> new TestDDA command
> 
> +                     File f;
> +                     try {
> +                             if (writefilename.trim().length() == 0) {
> +                                     //generate one
> +                                     f = File.createTempFile("NodeDDAtest", 
> ".dat", dir);
> +                                     writeTestFilename = f.getName();
> +                             } else { 
> +                                     f = new File(dir, writefilename);
> +                                     if (f.exists()) {
> +                                             throw new 
> MessageInvalidException(ProtocolErrorMessage.DISK_TARGET_EXISTS, "Write test 
> target file can't exist!", identifier, false);
> +                                     }
> +                             }
> +                     
> +                             f.deleteOnExit();
> +                     
> +                             FileOutputStream fos = new FileOutputStream(f);
> +                             fos.write(b);
> +                             fos.close();
> +                     
> +                             FileInputStream fis = new FileInputStream(f);
> +                     
> +                             byte[] bb = new byte[8];
> +
> +                             fis.read(bb);
> +                             fis.close();
> +                     
> +                             writeResult= HexUtil.bytesToHex(bb, 0 ,8);
> +                             resultWrite = Arrays.equals(b, bb);
> +                             
> +                             if (deleteFile) 
> +                                     f.delete();
> +                             
> +                     } catch (IOException ioe) {
> +                     }
> +             }
> +             status = 0;
> +     }
> +     
> +     private String getStatus() {
> +             if (status == 0) return "Done";
> +             if (status > 0) return "Failed";
> +             return "Unknown";
> +     }
> +     
> +     private String getResultName(boolean rn) {
> +             if (rn) return "OK";
> +             return "Failed";
> +     }
> +
> +}
> 
> _______________________________________________
> cvs mailing list
> cvs at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: 
<https://emu.freenetproject.org/pipermail/devl/attachments/20070316/9a9968ec/attachment.pgp>

Reply via email to