Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Secure path handling #343

Merged
merged 8 commits into from
Dec 24, 2015
Merged

Secure path handling #343

merged 8 commits into from
Dec 24, 2015

Conversation

Unrud
Copy link
Collaborator

@Unrud Unrud commented Dec 24, 2015

This fixes a number of issues with dodgy path handling:

  • Paths like .., ../.. or // are not sanitized correctly

  • The program crashes if a path doesn't start with base_prefix instead of showing an error message

  • On MS Windows the filesystem backend allows access to the first level of files on a drive.

    e.g. the path /c:/filename/dummy gets converted to c:\filename

  • The multifilesystem backend allows access to arbitrary files on all platforms.

    e.g. set the UID of a ics file to /dev/null

Unrud added 8 commits December 24, 2015 14:32
Improve URI sanitation
ee095a4 
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
Always sanitize request URI
780cecc 
Do no rely on the HTTP server
Error message if path not starting with prefix
ed44830 
Before the program crashed implicitly
Move sanitize_path into pathutils.py
1ad994c
Use sanitize_path instead of normpath
6b7e79a 
See a7b47f075499a1e1b40539bc1fa872a3ab77a204
The check for "." is now needless because the sane
path is always absolute.
```path.replace(os.sep, "/")``` is only relevant
for the (multi)filesystem backend and should be
there.
Convert paths safely to file system paths
b4b3d51 
With the old implementation on Windows a path like
"/c:/file/ignore" got converted to "c:\file" and
allowed access to files outside of FOLDER
Convert component names safely to filenames
bcaf452 
Component names are controlled by the user and
without this checks access to arbitrary files is
possible if the multifilesystem backend is used.
Convert filesystem paths safely to paths
eed3779 
This only becomes a problem if the OS/filesystem
allows / in filenames or . respectively
.. as filenames.
liZe added a commit that referenced this pull request Dec 24, 2015
@liZe
Merge pull request #343 from Unrud/paths
18c8864 
Secure path handling
@liZe liZe merged commit 18c8864 into Kozea:master Dec 24, 2015
@liZe
Copy link
Member

liZe commented Dec 24, 2015

That's a serious one.

Do you have other security-related issues coming? I'll have to release a new version after that.

Thank you again!

@Unrud
Copy link
Collaborator Author

Unrud commented Dec 24, 2015

No, I've not.

@liZe liZe modified the milestone: 1.1 Dec 31, 2015
@Unrud Unrud deleted the paths branch September 1, 2016 09:03
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1
Development

Successfully merging this pull request may close these issues.
2 participants
@Unrud @liZe