Properly remove bad profile dir #435
|
@ -129,7 +129,7 @@ func (app *application) AddPeerPlugin(onion string, pluginID plugins.PluginID) {
|
|||
func (app *application) ImportProfile(exportedCwtchFile string, password string) (peer.CwtchPeer, error) {
|
||||
profileDirectory := path.Join(app.directory, "profiles")
|
||||
profile, err := peer.ImportProfile(exportedCwtchFile, profileDirectory, password)
|
||||
if err == nil {
|
||||
if profile != nil || err == nil {
|
||||
app.installProfile(profile)
|
||||
}
|
||||
return profile, err
|
||||
|
|
|
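Review bot: The guard `if profile != nil || err == nil` (assuming it is the new side of the two `if` lines shown in the application's ImportProfile) still reaches `app.installProfile(profile)` with a nil profile whenever `err == nil`, and with any non-nil profile that comes back alongside an error. The peer.ImportProfile hunk further down the page returns `nil, err` on its visible failure paths, so the `||` gains nothing there and only widens what can be installed. I would require both conditions, `if err == nil && profile != nil {`, so that a failed import never installs anything.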
@ -5,6 +5,7 @@ import (
|
|||
"compress/gzip"
|
||||
"crypto/rand"
|
||||
"database/sql"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
"git.openprivacy.ca/openprivacy/log"
|
||||
|
@ -191,7 +192,8 @@ func ImportProfile(exportedCwtchFile string, profilesDir string, password string
|
|||
return profile, err
|
||||
}
|
||||
// Otherwise purge
|
||||
os.RemoveAll(filepath.Join(profilesDir, profileDir))
|
||||
log.Errorf("error importing profile: %v. removing %s", err, profileDir)
|
||||
dan marked this conversation as resolved
|
||||
os.RemoveAll(profileDir)
|
||||
return nil, err
|
||||
}
|
||||
return nil, err
|
||||
|
@ -237,6 +239,11 @@ func checkCwtchProfileBackupFile(srcFile string) (string, error) {
|
|||
dir := parts[0]
|
||||
profileFileType := parts[1]
|
||||
|
||||
_, hexErr := hex.DecodeString(dir)
|
||||
if dir == "." || dir == ".." || len(dir) !=32 || hexErr != nil {
|
||||
return "", errors.New("invalid profile name")
|
||||
}
|
||||
|
||||
if profileName == "" {
|
||||
profileName = dir
|
||||
}
|
||||
|
@ -292,6 +299,12 @@ func importCwtchProfileBackupFile(srcFile string, profilesDir string) error {
|
|||
}
|
||||
dir := parts[0]
|
||||
base := parts[1]
|
||||
|
||||
_, hexErr := hex.DecodeString(dir)
|
||||
if dir == "." || dir == ".." || len(dir) != 32 || hexErr != nil {
|
||||
return errors.New("invalid profile name")
|
||||
}
|
||||
|
||||
if profileName == "" {
|
||||
profileName = dir
|
||||
}
|
||||
|
|
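Review bot: The purge in peer.ImportProfile discards the result of `os.RemoveAll` (both variants of the call shown in that hunk do), so a failed cleanup leaves the rejected profile directory on disk with nothing in the log to say so. I would check it, e.g. `if rmErr := os.RemoveAll(profileDir); rmErr != nil { log.Errorf("could not remove %s: %v", profileDir, rmErr) }`, using whichever path expression the final revision keeps. The page shows both `os.RemoveAll(filepath.Join(profilesDir, profileDir))` and `os.RemoveAll(profileDir)` without markers, so it is worth confirming that the `profileDir` printed by the log line is the same path the call removes. ImportProfile's body starts and ends outside the hunk.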
Is it possible that a malicious profile tarball could be constructed with an "id" / directory named '..' or something similar, so that on import and failure it triggers a deletion of the profiles directory or worse?