YIN JIAYI/qemu

forked from src-openEuler/qemu 
slirp-tftp-restrict-relative-path-access.patch 1.41 KB
Ying Fang committed on 2020-05-15 16:51 . CVE: Fix CVE-2020-7211
From 2fc07f4ce31a2cc9973cfb1c20897c6a4babd8b8 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <[email protected]>
Date: Fri, 15 May 2020 16:45:28 +0800
Subject: [PATCH] slirp: tftp: restrict relative path access
tftp restricts relative or directory path access on Linux systems.
Apply same restrictions on Windows systems too. It helps to avoid
directory traversal issue.
Fixes: https://bugs.launchpad.net/qemu/+bug/1812451
Reported-by: Peter Maydell <[email protected]>
Signed-off-by: Prasad J Pandit <[email protected]>
Reviewed-by: Samuel Thibault <[email protected]>
Message-Id: <[email protected]>
diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c
index 093c2e06..2b4176cc 100644
--- a/slirp/src/tftp.c
+++ b/slirp/src/tftp.c
@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
k += 6; /* skipping octet */
/* do sanity checks on the filename */
- if (!strncmp(req_fname, "../", 3) ||
- req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) {
+ if (
+#ifdef G_OS_WIN32
+ strstr(req_fname, "..\\") ||
+ req_fname[strlen(req_fname) - 1] == '\\' ||
+#endif
+ strstr(req_fname, "../") ||
+ req_fname[strlen(req_fname) -1] == '/') {
tftp_send_error(spt, 2, "Access violation", tp);
return;
}
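Review bot: The trailing-separator tests in the new condition index `req_fname[strlen(req_fname) - 1]`, now in two places, and nothing in the visible lines rejects a zero-length name first, so an empty `req_fname` would be read one byte before its start. Suggest computing the length once ahead of the `if`, sending the same "Access violation" error when it is 0, and reusing that length for both the `'/'` and `'\\'` comparisons. Separately, replacing `!strncmp(req_fname, "../", 3)` and `strstr(req_fname, "/../")` with a bare `strstr(req_fname, "../")` also rejects names where ".." is only the tail of a component (for example `a../b`), and a name whose last component is `..` with no trailing separator still passes; the commit message should state that the Linux check is being widened too, and a per-component comparison against ".." would express the intent more precisely than substring matching. Style: `strlen(req_fname) -1` in the last added line is missing the space before `1` that the Windows branch uses.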
--
2.23.0