Adding extra checks to import tarball profile name

Sarah Jamie Lewis 2022-03-09 15:52:24 -08:00
parent bf4cca631c
commit ff91300c39
1 changed files with 12 additions and 0 deletions


@ -5,6 +5,7 @@ import (
"compress/gzip"
"crypto/rand"
"database/sql"
"encoding/hex"
"errors"
"fmt"
"git.openprivacy.ca/openprivacy/log"
@ -238,6 +239,11 @@ func checkCwtchProfileBackupFile(srcFile string) (string, error) {
dir := parts[0]
profileFileType := parts[1]
_, hexErr := hex.DecodeString(dir)
if dir == "." || dir == ".." || len(dir) !=32 || hexErr != nil {
return "", errors.New("invalid profile name")
}
if profileName == "" {
profileName = dir
}
@ -293,6 +299,12 @@ func importCwtchProfileBackupFile(srcFile string, profilesDir string) error {
}
dir := parts[0]
base := parts[1]
_, hexErr := hex.DecodeString(dir)
if dir == "." || dir == ".." || len(dir) != 32 || hexErr != nil {
return errors.New("invalid profile name")
}
if profileName == "" {
profileName = dir
}
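Review bot: The directory-name guard is duplicated verbatim in checkCwtchProfileBackupFile and importCwtchProfileBackupFile, so a later tightening of one copy can leave the import path accepting names the checker rejects; the first copy is also not gofmt-clean (`len(dir) !=32`). This check appears to be what constrains an untrusted archive entry's top-level directory, so I would move it into one helper called from both places. The helper should test the length before decoding, which also makes the `"."`/`".."` comparisons redundant. Only `parts[0]` is validated in the visible lines; whether `parts[1]` (`profileFileType`/`base`) is restricted before it is used to build a path lies outside these hunks and is worth confirming. Both function bodies start and end outside the hunks.

```go
// validProfileDirName reports whether dir is exactly 32 hex characters.
func validProfileDirName(dir string) bool {
	if len(dir) != 32 {
		return false
	}
	_, err := hex.DecodeString(dir)
	return err == nil
}

// … in checkCwtchProfileBackupFile, after dir := parts[0] …
if !validProfileDirName(dir) {
	return "", errors.New("invalid profile name")
}

// … in importCwtchProfileBackupFile, after dir := parts[0] …
if !validProfileDirName(dir) {
	return errors.New("invalid profile name")
}
```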