new version: 2016.4.4

Bugfix: reject dubious paths in HTTP repos.
This avoids a malicious repository writing to files outside the local storage root. (cherry picked from commit a2b111bb09)
2016-12-28 13:57:44 +01:00 · 2016-12-22 16:59:45 +01:00
2 changed files with 9 additions and 1 deletions
--- a/simgear/io/HTTPRepository.cxx
+++ b/simgear/io/HTTPRepository.cxx
@@ -612,6 +612,14 @@ private:
                SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" );
                continue;
            }
+
+            // security: prevent writing outside the repository via ../../.. filenames
+            // (valid filenames never contain / - subdirectories have their own .dirindex)
+            if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) {
+                SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" );
+                continue;
+            }
+
            children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2]));

            if (tokens.size() > 3) {
--- a/2
+++ b/2
@@ -1 +1 @@
-2016.4.3
+2016.4.4
Author	SHA1	Message	Date
Automatic Release Builder	235e38b69b	new version: 2016.4.4	2016-12-28 13:57:44 +01:00
James Turner	279b2c120f	Bugfix: reject dubious paths in HTTP repos. This avoids a malicious repository writing to files outside the local storage root. (cherry picked from commit `a2b111bb09`)	2016-12-22 16:59:45 +01:00
@@ -1 +1 @@
 .4.3
 .4.4