--- ./disk.c.orig 2008-02-15 18:13:25.000000000 -0600
+++ ./disk.c 2011-04-20 20:27:55.978000772 -0500
@@ -356,6 +356,19 @@
filename[strlen(filename) - 1] = 0;
sprintf(path, "%s%s", g_rdpdr_device[device_id].local_path, filename);
+ /* Protect against mailicous servers:
+ somelongpath/.. not allowed
+ somelongpath/../b not allowed
+ somelongpath/..b in principle ok, but currently not allowed
+ somelongpath/b.. ok
+ somelongpath/b..b ok
+ somelongpath/b../c ok
+ */
+ if (strstr(path, "/.."))
+ {
+ return RD_STATUS_ACCESS_DENIED;
+ }
+
switch (create_disposition)
{
case CREATE_ALWAYS:
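Review bot: The new guard `if (strstr(path, "/.."))` scans the whole concatenated path, so a share whose configured `g_rdpdr_device[device_id].local_path` itself contains `/..` (an unnormalised mount point, say) would have every open rejected, while the only untrusted component is `filename`; checking the server-supplied part instead, `if (strstr(filename, "/..") || strncmp(filename, "..", 2) == 0)`, keeps the decision on the untrusted input and also covers a name that begins with `..` without a leading separator (assuming backslashes were already converted to `/` earlier in the function, which is outside the hunk). As the added comment admits, the substring test also rejects legitimate names such as `/..foo`; a per-segment comparison (`strcmp(seg, "..") == 0` on each `/`-delimited component) would avoid that false positive if it matters for this share. The comment has a typo, `mailicous` should read `malicious`. The `sprintf` into `path` on the line above the check is unbounded but predates this change, and the enclosing function starts and ends outside the hunk.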