glusterd/geo-rep: Add relative path validation to copy file command

Added validation for input file, command fails if input file path is relative path pointing outside of GLUSTERD_WORKDIR. BUG: 1348897 Change-Id: I329d43ebed69bfe9fe03d6be70dc8c78a605ffc5 Signed-off-by: Aravinda VK <avishwan@redhat.com> Reviewed-on: http://review.gluster.org/14772 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
author: Aravinda VK <avishwan@redhat.com> 2016-06-22 14:57:44 +0530
committer: Jeff Darcy <jdarcy@redhat.com> 2016-06-27 10:11:43 -0700
commit: 888de8851e718d8e3117e47fa35cfc075b998f62 (patch)
tree: 22866fd0dab4f4681faccd9677b5631582eed7c5
parent: 04d95b93f1b0011920a15994059c3b17cf04e434 (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
index 13407c22df9..57b50934489 100644
--- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
+++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
@@ -2395,6 +2395,9 @@ glusterd_op_stage_copy_file (dict_t *dict, char **op_errstr)
         glusterd_conf_t *priv                   = NULL;
         struct stat      stbuf                  = {0,};
         xlator_t         *this                  = NULL;
+        char             workdir[PATH_MAX]      = {0,};
+        char             realpath_filename[PATH_MAX] = {0,};
+        char             realpath_workdir[PATH_MAX]  = {0,};
 
         this = THIS;
         GF_ASSERT (this);
@@ -2439,6 +2442,37 @@ glusterd_op_stage_copy_file (dict_t *dict, char **op_errstr)
                 snprintf (abs_filename, sizeof(abs_filename),
                           "%s/%s", priv->workdir, filename);
 
+                if (!realpath (priv->workdir, realpath_workdir)) {
+                        snprintf (errmsg, sizeof (errmsg), "Failed to get "
+                                  "realpath of %s: %s", priv->workdir,
+                                  strerror (errno));
+                        *op_errstr = gf_strdup (errmsg);
+                        ret = -1;
+                        goto out;
+                }
+
+                if (!realpath (abs_filename, realpath_filename)) {
+                        snprintf (errmsg, sizeof (errmsg), "Failed to get "
+                                  "realpath of %s: %s", filename,
+                                  strerror (errno));
+                        *op_errstr = gf_strdup (errmsg);
+                        ret = -1;
+                        goto out;
+                }
+
+                /* Add Trailing slash to workdir, without slash strncmp
+                   will succeed for /var/lib/glusterd_bad */
+                snprintf (workdir, sizeof(workdir), "%s/", realpath_workdir);
+
+                /* Protect against file copy outside $workdir */
+                if (strncmp (workdir, realpath_filename, strlen (workdir))) {
+                        snprintf (errmsg, sizeof (errmsg), "Source file"
+                                  " is outside of %s directory", priv->workdir);
+                        *op_errstr = gf_strdup (errmsg);
+                        ret = -1;
+                        goto out;
+                }
+
                 ret = sys_lstat (abs_filename, &stbuf);
                 if (ret) {
                         snprintf (errmsg, sizeof (errmsg), "Source file"
author	Aravinda VK <avishwan@redhat.com>	2016-06-22 14:57:44 +0530
committer	Jeff Darcy <jdarcy@redhat.com>	2016-06-27 10:11:43 -0700
commit	888de8851e718d8e3117e47fa35cfc075b998f62 (patch)
tree	22866fd0dab4f4681faccd9677b5631582eed7c5
parent	04d95b93f1b0011920a15994059c3b17cf04e434 (diff)