Check if file or dir is .. (#711)

* Check if file or dir is .. * Diff and check name is .. * Go diff and check name is .. * Check if ignore new name or name --------- Co-authored-by: 杨赫然 <[email protected]>
haiwen · Nov 20, 2024 · d727249 · d727249
1 parent 665d008
commit d727249
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 0 deletions.
diff --git a/fileserver/fileop.go b/fileserver/fileop.go
@@ -2338,7 +2338,21 @@ func nameExists(entries []*fsmgr.SeafDirent, fileName string) bool {
 	return false
 }
 
+func shouldIgnore(fileName string) bool {
+	parts := strings.Split(fileName, "/")
+	for _, name := range parts {
+		if name == ".." {
+			return true
+		}
+	}
+	return false
+}
+
 func shouldIgnoreFile(fileName string) bool {
+	if shouldIgnore(fileName) {
+		return true
+	}
+
 	if !utf8.ValidString(fileName) {
 		log.Printf("file name %s contains non-UTF8 characters, skip", fileName)
 		return true

diff --git a/fileserver/sync_api.go b/fileserver/sync_api.go
@@ -1045,6 +1045,11 @@ func putUpdateBranchCB(rsp http.ResponseWriter, r *http.Request) *appError {
 		return &appError{err, "", http.StatusInternalServerError}
 	}
 
+	if includeInvalidPath(base, newCommit) {
+		msg := fmt.Sprintf("Dir or file name is ..")
+		return &appError{nil, msg, http.StatusBadRequest}
+	}
+
 	ret, err := checkQuota(repoID, 0)
 	if err != nil {
 		err := fmt.Errorf("Failed to check quota: %v", err)
@@ -1153,6 +1158,28 @@ func checkDirCB(ctx context.Context, baseDir string, dirs []*fsmgr.SeafDirent, d
 	return nil
 }
 
+func includeInvalidPath(baseCommit, newCommit *commitmgr.Commit) bool {
+	var results []*diff.DiffEntry
+	if err := diff.DiffCommits(baseCommit, newCommit, &results, true); err != nil {
+		log.Infof("Failed to diff commits: %v", err)
+		return false
+	}
+
+	for _, entry := range results {
+		if entry.NewName != "" {
+			if shouldIgnore(entry.NewName) {
+				return true
+			}
+		} else {
+			if shouldIgnore(entry.Name) {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
 func getHeadCommit(rsp http.ResponseWriter, r *http.Request) *appError {
 	vars := mux.Vars(r)
 	repoID := vars["repoid"]

diff --git a/server/http-server.c b/server/http-server.c
@@ -1192,6 +1192,57 @@ check_blocks (SeafRepo *repo, SeafCommit *base, SeafCommit *remote, char **ret_b
     return -1;
 }
 
+gboolean
+should_ignore (const char *filename)
+{
+    char **components = g_strsplit (filename, "/", -1);
+    int n_comps = g_strv_length (components);
+    int j = 0;
+    char *file_name;
+
+    for (; j < n_comps; ++j) {
+        file_name = components[j];
+        if (g_strcmp0(file_name, "..") == 0) {
+            g_strfreev (components);
+            return TRUE;
+        }
+    }
+    g_strfreev (components);
+
+    return FALSE;
+}
+
+static gboolean
+include_invalid_path (SeafCommit *base_commit, SeafCommit *new_commit) {
+    GList *diff_entries = NULL;
+    gboolean ret = FALSE;
+
+    int rc = diff_commits (base_commit, new_commit, &diff_entries, TRUE);
+    if (rc < 0) {
+        seaf_warning ("Failed to check invalid path.\n");
+        return FALSE;
+    }
+
+    GList *ptr;
+    DiffEntry *diff_entry;
+    for (ptr = diff_entries; ptr; ptr = ptr->next) {
+        diff_entry = ptr->data;
+        if (diff_entry->new_name) {
+            if (should_ignore(diff_entry->new_name)) {
+                ret = TRUE;
+                break;
+            }
+        } else {
+            if (should_ignore(diff_entry->name)) {
+                ret = TRUE;
+                break;
+            }
+        }
+    }
+
+    return ret;
+}
+
 static void
 put_update_branch_cb (evhtp_request_t *req, void *arg)
 {
@@ -1249,6 +1300,11 @@ put_update_branch_cb (evhtp_request_t *req, void *arg)
         goto out;
     }
 
+    if (include_invalid_path (base, new_commit)) {
+        evhtp_send_reply (req, EVHTP_RES_BADREQ);
+        goto out;
+    }
+
     if (seaf_quota_manager_check_quota (seaf->quota_mgr, repo_id) < 0) {
         evhtp_send_reply (req, SEAF_HTTP_RES_NOQUOTA);
         goto out;

diff --git a/server/repo-mgr.c b/server/repo-mgr.c
@@ -256,6 +256,20 @@ should_ignore_file(const char *filename, void *data)
 {
     /* GPatternSpec **spec = ignore_patterns; */
 
+    char **components = g_strsplit (filename, "/", -1);
+    int n_comps = g_strv_length (components);
+    int j = 0;
+    char *file_name;
+
+    for (; j < n_comps; ++j) {
+        file_name = components[j];
+        if (g_strcmp0(file_name, "..") == 0) {
+            g_strfreev (components);
+            return TRUE;
+        }
+    }
+    g_strfreev (components);
+
     if (!g_utf8_validate (filename, -1, NULL)) {
         seaf_warning ("File name %s contains non-UTF8 characters, skip.\n", filename);
         return TRUE;