Fix arbitrary read from file system

taurus: Fix arbitrary read from file system v1 APPLIED

Alexey Yerin

Alexey Yerin: 1
 Fix arbitrary read from file system

 1 files changed, 9 insertions(+), 1 deletions(-)

Export patchset (mbox)

How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~garritfra/public-inbox/patches/14838/mbox | git am -3

Learn more about email & git

View this thread in the archives

[PATCH taurus] Fix arbitrary read from file system Export this patch

Alexey Yerin

3 months ago

If you pass path like `example.com//etc/passwd`, server will respond
with contents of `/etc/passwd` file

Signed-off-by: Alexey Yerin <yerinalexey98fd@gmail.com>
---
 src/gemini.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/gemini.rs b/src/gemini.rs
index 1dd3c85..5f9cb3b 100644
--- a/src/gemini.rs
+++ b/src/gemini.rs
@@ -14,13 +14,21 @@ impl GeminiRequest {
         Ok(gemini_request)
     }
 
-    pub fn file_path(&self) -> Option<&str> {
+    fn unsafe_file_path(&self) -> Option<&str> {
         self.path
             .path()
             .chars()
             .next()
             .map(|c| &self.path.path()[c.len_utf8()..])
     }
+
+    pub fn file_path(&self) -> Option<&str> {
+        match self.unsafe_file_path() {
+            Some(path) if path.contains("..") || path.starts_with("/") => None,
+            Some(path) => Some(path),
+            None => None,
+        }
+    }
 }
 
 fn parse_path(req: &str) -> Option<&str> {
-- 
2.29.2