Commit | Line | Data |
---|---|---|
1e29e54b AM |
1 | diff -urN cvs-nserver-1.11.1.52.org/src/modules.c cvs-nserver-1.11.1.52/src/modules.c |
2 | --- cvs-nserver-1.11.1.52.org/src/modules.c 2004-05-23 02:51:33.243861768 +0200 | |
3 | +++ cvs-nserver-1.11.1.52/src/modules.c 2004-05-23 03:11:37.243825952 +0200 | |
4 | @@ -159,6 +159,24 @@ | |
5 | } | |
6 | #endif | |
7 | ||
8 | + /* Don't process absolute directories. Anything else could be a security | |
9 | + * problem. Before this check was put in place: | |
10 | + * | |
11 | + * $ cvs -d:fork:/cvsroot co /foo | |
12 | + * cvs server: warning: cannot make directory CVS in /: Permission denied | |
13 | + * cvs [server aborted]: cannot make directory /foo: Permission denied | |
14 | + * $ | |
15 | + */ | |
16 | + if (isabsolute (mname)) | |
17 | + error (1, 0, "Absolute module reference invalid: `%s'", mname); | |
18 | + | |
19 | + /* Similarly for directories that attempt to step above the root of the | |
20 | + * repository. | |
21 | + */ | |
22 | + if (pathname_levels (mname) > 0) | |
23 | + error (1, 0, "up-level in module reference (`..') invalid: `%s'.", | |
24 | + mname); | |
25 | + | |
26 | /* if this is a directory to ignore, add it to that list */ | |
27 | if (mname[0] == '!' && mname[1] != '\0') | |
28 | { | |
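Review bot: Both new checks test `mname` as given, but the context line right after them treats a leading `!` as the ignore-directory prefix, so for such an entry the tests see `!` as the first character rather than the path that follows it. `isabsolute (mname)` cannot match in that case, and `pathname_levels (mname)` may not count an up-level that directly follows the prefix; its definition is outside the hunk, so this needs confirming. If the ignore branch goes on to use `mname + 1` as a path, repeat the two tests on `mname + 1` inside that branch so a `!`-prefixed entry gets the same validation. The enclosing function starts and ends outside the hunk.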
29 | diff -urN cvs-nserver-1.11.1.52.org/src/client.c cvs-nserver-1.11.1.52/src/client.c | |
30 | --- cvs-nserver-1.11.1.52.org/src/client.c 2004-05-23 02:51:33.285855384 +0200 | |
31 | +++ cvs-nserver-1.11.1.52/src/client.c 2004-05-23 03:18:06.134705552 +0200 | |
32 | @@ -663,6 +663,18 @@ | |
33 | char *rdirp; | |
34 | int reposdirname_absolute; | |
35 | ||
36 | + /* For security reasons, if PATHNAME is absolute or attemps to ascend | |
37 | + * outside of the current sanbbox, we abort. The server should not send us | |
38 | + * anything but relative paths which remain inside the sandbox here. | |
39 | + * Anything less means a trojan CVS server could create and edit arbitrary | |
40 | + * files on the client. | |
41 | + */ | |
42 | + if (isabsolute (pathname) || pathname_levels (pathname) > 0) | |
43 | + { | |
44 | + error (0, 0, "Server attempted to update a file via an invalid pathname:"); | |
45 | + error (1, 0, "`%s'.", pathname); | |
46 | + } | |
47 | + | |
48 | reposname = NULL; | |
49 | read_line (&reposname); | |
50 | assert (reposname != NULL); |
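Review bot: The new guard validates only `pathname`, while `reposname` is read from the server on the context lines immediately after it and is not checked here. If the rest of the function (outside the hunk) derives a local directory or file name from `reposname`, that value needs the same `isabsolute`/`pathname_levels` test right after `read_line (&reposname)`. The test is purely lexical, so the comment should also say that it does not cover symlinks already present in the working directory. The comment has two typos: `attemps` should read `attempts` and `sanbbox` should read `sandbox`.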