summaryrefslogtreecommitdiffstats
path: root/src/daemon
diff options
context:
space:
mode:
authorDenys Vlasenko <dvlasenk@redhat.com>2011-03-14 17:41:12 +0100
committerDenys Vlasenko <dvlasenk@redhat.com>2011-03-14 17:41:12 +0100
commitcbe3dd9930e68140ca8aeb17e4fb20fce09981df (patch)
tree40811a4952b0418c5f2d8013b98f655b7a77d1d1 /src/daemon
parent938d5557c6fcedbca3ab075afb21a9c0b6a3ace8 (diff)
downloadabrt-cbe3dd9930e68140ca8aeb17e4fb20fce09981df.zip
abrt-cbe3dd9930e68140ca8aeb17e4fb20fce09981df.tar.gz
abrt-cbe3dd9930e68140ca8aeb17e4fb20fce09981df.tar.xz
abrtd: do not accept requests to delete directories not in /var/spool/abrt/
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Diffstat (limited to 'src/daemon')
-rw-r--r--src/daemon/MiddleWare.cpp12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/daemon/MiddleWare.cpp b/src/daemon/MiddleWare.cpp
index 8d62c69..8440036 100644
--- a/src/daemon/MiddleWare.cpp
+++ b/src/daemon/MiddleWare.cpp
@@ -744,6 +744,16 @@ int CreateReportThread(const char* crash_id, long caller_uid, int force, const c
/* Remove dump dir */
int DeleteDebugDump(const char *dump_dir_name, long caller_uid)
{
+ /* If doesn't start with "DEBUG_DUMPS_DIR/"... */
+ if (strncmp(dump_dir_name, DEBUG_DUMPS_DIR"/", strlen(DEBUG_DUMPS_DIR"/")) != 0
+ /* or contains "/." anywhere (-> might contain ".." component) */
+ || strstr(dump_dir_name + strlen(DEBUG_DUMPS_DIR), "/.")
+ ) {
+ /* Then refuse to operate on it (someone is attacking us??) */
+ error_msg("Bad dump directory name '%s', not deleting", dump_dir_name);
+ return MW_ERROR;
+ }
+
struct dump_dir *dd = dd_opendir(dump_dir_name, /*flags:*/ 0);
if (!dd)
return MW_NOENT_ERROR;
@@ -760,7 +770,7 @@ int DeleteDebugDump(const char *dump_dir_name, long caller_uid)
if (!string_to_bool(inform_all))
{
dd_close(dd);
- error_msg("crash '%s' can't be accessed by user with uid %ld", dump_dir_name, caller_uid);
+ error_msg("Dump directory '%s' can't be accessed by user with uid %ld", dump_dir_name, caller_uid);
return 1;
}
}