Change subject: Canonicalize config_dir before comparing with the config file
location
......................................................................
Canonicalize config_dir before comparing with the config file location
Found by ZeroPath
Change-Id: I8e884c00cb94f97a612056e8dca74d821a6d6386
Signed-off-by: Selva Nair <[email protected]>
---
M src/openvpnserv/CMakeLists.txt
M src/openvpnserv/validate.c
2 files changed, 17 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/18/1318/1
diff --git a/src/openvpnserv/CMakeLists.txt b/src/openvpnserv/CMakeLists.txt
index 340b904..a92ee08 100644
--- a/src/openvpnserv/CMakeLists.txt
+++ b/src/openvpnserv/CMakeLists.txt
@@ -6,6 +6,11 @@
add_executable(openvpnserv)
+include(CheckSymbolExists)
+
+# Some old versions of mingw does not have PATHCCH_OPTIONS enums -- add a check
+check_symbol_exists(PATHCCH_ENSURE_TRAILING_SLASH pathcch.h
HAVE_PATHCCH_ENSURE_TRAILING_SLASH)
+
set(MC_GEN_DIR ${CMAKE_CURRENT_BINARY_DIR}/mc)
target_include_directories(openvpnserv PRIVATE
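Review bot: The added `check_symbol_exists(PATHCCH_ENSURE_TRAILING_SLASH pathcch.h ...)` is unlikely to give a useful answer, because the added comment itself describes the name as one of the `PATHCCH_OPTIONS` enums and CMake documents that CheckSymbolExists does not recognize enum values; the result would then be "not found" on every toolchain. Nothing in this hunk passes `HAVE_PATHCCH_ENSURE_TRAILING_SLASH` to the compiler either, and the diffstat lists only CMakeLists.txt and validate.c, so unless an existing mechanism exports it, the `#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH` guard in the validate.c hunk always takes the fallback `#define`. Either drop the check and keep the fallback unconditionally, or probe with `check_c_source_compiles` using a snippet that references the enumerator and export the result, e.g. `target_compile_definitions(openvpnserv PRIVATE $<$<BOOL:${HAVE_PATHCCH_ENSURE_TRAILING_SLASH}>:HAVE_PATHCCH_ENSURE_TRAILING_SLASH>)`. The comment wording would also read better as `# Some old versions of mingw do not have the PATHCCH_OPTIONS enums -- add a check`.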
@@ -31,7 +36,7 @@
)
target_link_libraries(openvpnserv
advapi32.lib userenv.lib iphlpapi.lib fwpuclnt.lib rpcrt4.lib
- shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib)
+ shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib pathcch.lib)
if (MINGW)
target_compile_options(openvpnserv PRIVATE -municode)
target_link_options(openvpnserv PRIVATE -municode)
diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c
index 59d5b86..2187fb5 100644
--- a/src/openvpnserv/validate.c
+++ b/src/openvpnserv/validate.c
@@ -25,6 +25,11 @@
#include <lmaccess.h>
#include <shlwapi.h>
#include <lm.h>
+#include <pathcch.h>
+
+#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH
+#define PATHCCH_ENSURE_TRAILING_SLASH 0x20
+#endif
static const WCHAR *white_list[] = {
L"auth-retry",
@@ -61,7 +66,7 @@
{
WCHAR tmp[MAX_PATH];
const WCHAR *config_file = NULL;
- const WCHAR *config_dir = NULL;
+ WCHAR config_dir[MAX_PATH];
/* convert fname to full path */
if (PathIsRelativeW(fname))
@@ -74,9 +79,12 @@
config_file = fname;
}
- config_dir = s->config_dir;
+ /* canonicalize config_dir and add trailing slash before comparison */
+ HRESULT res = PathCchCanonicalizeEx(config_dir, _countof(config_dir),
s->config_dir,
+ PATHCCH_ENSURE_TRAILING_SLASH);
- if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
+ if (res == S_OK
+ && wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
&& wcsstr(config_file + wcslen(config_dir), L"..") == NULL)
{
return TRUE;
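Review bot: Only `config_dir` is canonicalized before the `wcsncmp`; `config_file` still arrives in whatever form the caller supplied, so the two sides of the prefix comparison are normalized differently. As far as the hunk shows this fails closed (a non-canonical but legitimate path is simply not matched, and `..` after the prefix is still rejected by the `wcsstr` check), but passing `config_file` through the same `PathCchCanonicalizeEx` call into a second buffer would make the decision rest on one normalization instead of two separate checks. The new comment should also record why the trailing separator matters, for example `/* trailing separator required: a bare prefix match would also accept a sibling directory whose name starts with config_dir */`. The function starts and ends outside the hunk, so the path taken when `res != S_OK` is not visible; confirm that a failed canonicalization (for instance a `s->config_dir` that does not fit in `MAX_PATH`) can never end in the file being accepted.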
--
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I8e884c00cb94f97a612056e8dca74d821a6d6386
Gerrit-Change-Number: 1318
Gerrit-PatchSet: 1
Gerrit-Owner: selvanair <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>