|
|
- From d0fe86177427e0c3bc2cec1436d74472e4b618dd Mon Sep 17 00:00:00 2001
- From: Muh Muhten <muh.muhten@gmail.com>
- Date: Tue, 19 Feb 2019 00:35:40 -0500
- Subject: [PATCH 5/9] Catch .. as the first component of a module path
-
- Only the second and subsequent path components were being checked, which
- I guess is theoretically security-relevant.
-
- There's no apparent point to reconstructing the path after splitting it
- by adding /s back in, either.
- ---
- src/linker.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
- --- a/src/linker.c
- +++ b/src/linker.c
- @@ -98,12 +98,9 @@ static jv validate_relpath(jv name) {
- return res;
- }
- jv components = jv_string_split(jv_copy(name), jv_string("/"));
- - jv rp = jv_array_get(jv_copy(components), 0);
- - components = jv_array_slice(components, 1, jv_array_length(jv_copy(components)));
- jv_array_foreach(components, i, x) {
- if (!strcmp(jv_string_value(x), "..")) {
- jv_free(x);
- - jv_free(rp);
- jv_free(components);
- jv res = jv_invalid_with_msg(jv_string_fmt("Relative paths to modules may not traverse to parent directories (%s)", s));
- jv_free(name);
- @@ -111,18 +108,16 @@ static jv validate_relpath(jv name) {
- }
- if (i > 0 && jv_equal(jv_copy(x), jv_array_get(jv_copy(components), i - 1))) {
- jv_free(x);
- - jv_free(rp);
- jv_free(components);
- jv res = jv_invalid_with_msg(jv_string_fmt("module names must not have equal consecutive components: %s",
- jv_string_value(name)));
- jv_free(name);
- return res;
- }
- - rp = jv_string_concat(rp, jv_string_concat(jv_string("/"), x));
- + jv_free(x);
- }
- jv_free(components);
- - jv_free(name);
- - return rp;
- + return name;
- }
-
- // Assumes name has been validated
|
