You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 lines
1.8 KiB
50 lines
1.8 KiB
From d0fe86177427e0c3bc2cec1436d74472e4b618dd Mon Sep 17 00:00:00 2001
|
|
From: Muh Muhten <muh.muhten@gmail.com>
|
|
Date: Tue, 19 Feb 2019 00:35:40 -0500
|
|
Subject: [PATCH 5/9] Catch .. as the first component of a module path
|
|
|
|
Only the second and subsequent path components were being checked, which
|
|
I guess is theoretically security-relevant.
|
|
|
|
There's no apparent point to reconstructing the path after splitting it
|
|
by adding /s back in, either.
|
|
---
|
|
src/linker.c | 9 ++-------
|
|
1 file changed, 2 insertions(+), 7 deletions(-)
|
|
|
|
--- a/src/linker.c
|
|
+++ b/src/linker.c
|
|
@@ -98,12 +98,9 @@ static jv validate_relpath(jv name) {
|
|
return res;
|
|
}
|
|
jv components = jv_string_split(jv_copy(name), jv_string("/"));
|
|
- jv rp = jv_array_get(jv_copy(components), 0);
|
|
- components = jv_array_slice(components, 1, jv_array_length(jv_copy(components)));
|
|
jv_array_foreach(components, i, x) {
|
|
if (!strcmp(jv_string_value(x), "..")) {
|
|
jv_free(x);
|
|
- jv_free(rp);
|
|
jv_free(components);
|
|
jv res = jv_invalid_with_msg(jv_string_fmt("Relative paths to modules may not traverse to parent directories (%s)", s));
|
|
jv_free(name);
|
|
@@ -111,18 +108,16 @@ static jv validate_relpath(jv name) {
|
|
}
|
|
if (i > 0 && jv_equal(jv_copy(x), jv_array_get(jv_copy(components), i - 1))) {
|
|
jv_free(x);
|
|
- jv_free(rp);
|
|
jv_free(components);
|
|
jv res = jv_invalid_with_msg(jv_string_fmt("module names must not have equal consecutive components: %s",
|
|
jv_string_value(name)));
|
|
jv_free(name);
|
|
return res;
|
|
}
|
|
- rp = jv_string_concat(rp, jv_string_concat(jv_string("/"), x));
|
|
+ jv_free(x);
|
|
}
|
|
jv_free(components);
|
|
- jv_free(name);
|
|
- return rp;
|
|
+ return name;
|
|
}
|
|
|
|
// Assumes name has been validated
|