summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmar Tumballi <amar@gluster.com>2009-07-15 01:38:33 +0000
committerAnand V. Avati <avati@dev.gluster.com>2009-07-16 00:37:33 -0700
commit3ce764351c0cdf01637eb0f19ec9846e91ca3f35 (patch)
tree0432a64253b92dd6e01f798cc34eb9255985283a
parent61d9179fd8e884e3ace5b1ffd38f89e5032dbb42 (diff)
add strict validatation of GF_OPTION_TYPE_PATH option type.
Make sure that users don't provide "../" in the path value in volume file, which should be considered security issue. Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 141 (GF_OPTION_TYPE_PATH should check for presence of ".." in path) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=141
-rw-r--r--libglusterfs/src/xlator.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c
index 6f5da84b4c0..351e2434467 100644
--- a/libglusterfs/src/xlator.c
+++ b/libglusterfs/src/xlator.c
@@ -247,7 +247,15 @@ _volume_option_value_validate (xlator_t *xl,
switch (opt->type) {
case GF_OPTION_TYPE_PATH:
{
- /* Make sure the given path is valid */
+ if (strstr (pair->value->data, "../")) {
+ gf_log (xl->name, GF_LOG_ERROR,
+ "invalid path given '%s'",
+ pair->value->data);
+ ret = -1;
+ goto out;
+ }
+
+ /* Make sure the given path is valid */
if (pair->value->data[0] != '/') {
gf_log (xl->name, GF_LOG_WARNING,
"option %s %s: '%s' is not an "