cwtch.im
/
cwtch
16
20
Fork 16
Code Issues 10 Pull Requests 2 Releases 163 Wiki Activity

Properly remove bad profile dir #435

Merged
dan merged 2 commits from import_export into master 2022-03-09 23:58:37 +00:00
Conversation 3 Commits 2 Files Changed 2 +15 -2
sarah commented 2022-03-09 22:33:14 +00:00
Owner
Copy Link
No description provided.
sarah added 1 commit 2022-03-09 22:33:14 +00:00
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
bf4cca631c Properly remove bad profile dir
buildbot commented 2022-03-09 22:41:27 +00:00
Member
Copy Link

Drone Build Status: failure

https://build.openprivacy.ca/cwtch.im/cwtch/735

Drone Build Status: failure https://build.openprivacy.ca/cwtch.im/cwtch/735
buildbot commented 2022-03-09 22:58:34 +00:00
Member
Copy Link

Drone Build Status: success

https://build.openprivacy.ca/cwtch.im/cwtch/736

Drone Build Status: success https://build.openprivacy.ca/cwtch.im/cwtch/736
dan reviewed 2022-03-09 23:47:57 +00:00
peer/storage.go
@ -193,2 +193,3 @@
// Otherwise purge
os.RemoveAll(filepath.Join(profilesDir, profileDir))
log.Errorf("error importing profile: %v. removing %s", err, profileDir)
os.RemoveAll(profileDir)
dan commented 2022-03-09 23:47:57 +00:00
Owner
Copy Link

is it possible a malicious profile tarball could be constructed with a "id" / directory named '..' or something that on import and failure it trigers a deletion of the profiles directory or worse?

is it possible a malicious profile tarball could be constructed with a "id" / directory named '..' or something that on import and failure it trigers a deletion of the profiles directory or worse?
dan marked this conversation as resolved
sarah added 1 commit 2022-03-09 23:52:36 +00:00
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
ff91300c39 Adding extra checks to import tarball profile name
dan merged commit 9e506e5190 into master 2022-03-09 23:58:37 +00:00
buildbot commented 2022-03-10 00:09:41 +00:00
Member
Copy Link

Drone Build Status: success

https://build.openprivacy.ca/cwtch.im/cwtch/738

Drone Build Status: success https://build.openprivacy.ca/cwtch.im/cwtch/738
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
applications

   
BLOCKED

   
bug

   
design

   
duplicate

   
enhancement

   
fixed?

   
funding-needed

   
help wanted

   
infrastructure

   
invalid

   
payments

   
qubes

   
question

   
ready-for-implementation

   
refactor

   
spam

   
tapir-server

   
testing

   
tor

   
wontfix
No Label
applications
BLOCKED
bug
design
duplicate
enhancement
fixed?
funding-needed
help wanted
infrastructure
invalid
payments
qubes
question
ready-for-implementation
refactor
spam
tapir-server
testing
tor
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cwtch.im/cwtch#435
No description provided.
Delete Branch "import_export"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?