tests: Add a test case for path traversal in a dirtree
author: Colin Walters <walters@verbum.org>
Fri, 12 Jan 2018 14:01:52 +0000 (09:01 -0500)
committer: Atomic Bot <atomic-devel@projectatomic.io>
Fri, 12 Jan 2018 19:38:34 +0000 (19:38 +0000)
commit: 2b78df25f469f01f96616ac3bcb5bc17bd68ab2e
tree: e5584dad753a100724382467b648e1d9e9149ba8
parent: 854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6

I was reading about a recent security issue with both EMC and VMWare:
https://arstechnica.com/information-technology/2018/01/emc-vmware-security-bugs-throw-gasoline-on-cloud-security-fire/

It's a classic path traversal problem, and that made me think more about our
handling of this in libostree.  Fortunately of course, not being new to
this rodeo, long ago I *did* consider path traversal.  Inside the pull
code, we call `ot_util_filename_validate()`.  Also, `fsck` does this too.

I have further follow-ups here, but let's add some test cases for this. I crafted
a repository with a `../` in a dirtree object by patching libostree to inject
it, and that's included as a tarball.

This patch covers the two cases where we do already have checks; pulling
via HTTP, and in `fsck`.

Closes: #1412
Approved by: jlebon
Makefile-tests.am
cfg.mk
tests/ostree-path-traverse.tar.gz [new file with mode: 0644]
tests/pull-test.sh
tests/test-corruption.sh
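The check this commit exercises is a per-component filename validation applied to every name found in a dirtree object before anything is written to disk. The following is an added illustration, not libostree's own code: `filename_validate` assumes the usual rules for such a check (a component must be non-empty, must not be `.` or `..`, and must not contain `/`), and `dirtree_check` walks a constructed stand-in for a dirtree's entry list and reports the first offending entry, which is how a pull or `fsck` would refuse a tree like the one in the test tarball. The struct, the sample trees and the function names are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Validate one path component of a dirtree entry.
 * Rules assumed for this example (modelled on the kind of check the
 * commit message describes): non-empty, not "." or "..", and no '/'.
 * Anything else could make a checkout escape its root directory. */
bool filename_validate(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return false;
    if (strchr(name, '/') != NULL)
        return false;
    return true;
}

/* Constructed stand-in for one entry of a dirtree object (file or subdir). */
struct dirtree_entry {
    const char *name;
    bool is_dir;
};

/* Check every entry of a dirtree before it is used.
 * Returns the index of the first invalid entry, or -1 if all names pass. */
int dirtree_check(const struct dirtree_entry *entries, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!filename_validate(entries[i].name))
            return (int)i;
    }
    return -1;
}

/* Constructed sample trees: a well-formed one, and one carrying a ".."
 * entry of the kind the test repository in this commit injects. */
static const struct dirtree_entry good_tree[] = {
    { "usr", true }, { "etc", true }, { "os-release", false },
};
static const struct dirtree_entry bad_tree[] = {
    { "usr", true }, { "..", true }, { "etc/passwd", false },
};

int main(void)
{
    int good = dirtree_check(good_tree, ARRAY_LEN(good_tree));
    int bad = dirtree_check(bad_tree, ARRAY_LEN(bad_tree));

    printf("good tree: first invalid index %d\n", good);
    if (bad >= 0)
        printf("bad tree: rejected entry %d (\"%s\")\n", bad, bad_tree[bad].name);
    return 0;
}
```

The point of validating each component separately, rather than the joined path, is that a dirtree never carries a path: it carries names, and a single name containing `/` or equal to `..` is already malformed regardless of where in the tree it sits.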