Adding extra checks to import tarball profile name
This commit is contained in:
parent
bf4cca631c
commit
ff91300c39
|
@ -5,6 +5,7 @@ import (
|
|||
"compress/gzip"
|
||||
"crypto/rand"
|
||||
"database/sql"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
"git.openprivacy.ca/openprivacy/log"
|
||||
|
@ -238,6 +239,11 @@ func checkCwtchProfileBackupFile(srcFile string) (string, error) {
|
|||
dir := parts[0]
|
||||
profileFileType := parts[1]
|
||||
|
||||
_, hexErr := hex.DecodeString(dir)
|
||||
if dir == "." || dir == ".." || len(dir) !=32 || hexErr != nil {
|
||||
return "", errors.New("invalid profile name")
|
||||
}
|
||||
|
||||
if profileName == "" {
|
||||
profileName = dir
|
||||
}
|
||||
|
@ -293,6 +299,12 @@ func importCwtchProfileBackupFile(srcFile string, profilesDir string) error {
|
|||
}
|
||||
dir := parts[0]
|
||||
base := parts[1]
|
||||
|
||||
_, hexErr := hex.DecodeString(dir)
|
||||
if dir == "." || dir == ".." || len(dir) != 32 || hexErr != nil {
|
||||
return errors.New("invalid profile name")
|
||||
}
|
||||
|
||||
if profileName == "" {
|
||||
profileName = dir
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue