GCancellable *cancellable,
GError **error)
{
+ /* Validate this up front to prevent path traversal attacks */
+ if (!ot_util_filename_validate (destination_name, error))
+ return FALSE;
+
gboolean need_copy = TRUE;
gboolean is_bare_user_symlink = FALSE;
char loose_path_buf[_OSTREE_LOOSE_PATH_MAX];
while (g_variant_iter_loop (&viter, "(&s@ay@ay)", &dname,
&subdirtree_csum_v, &subdirmeta_csum_v))
{
+ /* Validate this up front to prevent path traversal attacks. Note that
+ * we don't validate at the top of this function like we do for
+ * checkout_one_file_at() becuase I believe in some cases this function
+ * can be called *initially* with user-specified paths for the root
+ * directory.
+ */
+ if (!ot_util_filename_validate (dname, error))
+ return FALSE;
+
const size_t origlen = selabel_path_buf ? selabel_path_buf->len : 0;
if (selabel_path_buf)
{
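Review bot: The early `return FALSE` added inside the `g_variant_iter_loop ()` body exits while `subdirtree_csum_v` and `subdirmeta_csum_v` still hold the references unpacked by the `@ay` format, and `g_variant_iter_loop ()` only releases those on its next call. Their declarations are outside this hunk; if they are not `g_autoptr(GVariant)`, this error path leaks both and should unref them before returning. The new comment also has a typo (`becuase`) and records an open question ("I believe in some cases"). It would be worth confirming which callers pass a user-specified root path and naming them in the comment, so it is clear who is responsible for validating the root directory name. The loop body continues past the end of the hunk.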
set -euo pipefail
-echo "1..5"
+echo "1..6"
. $(dirname $0)/libtest.sh
fatal "fsck unexpectedly succeeded"
fi
assert_file_has_content_literal err.txt '.dirtree: Invalid / in filename ../afile'
+echo "ok path traverse fsck"
-echo "ok path traverse"
-
+cd ${test_tmpdir}
+if ${CMD_PREFIX} ostree --repo=ostree-path-traverse/repo checkout pathtraverse-test pathtraverse-test 2>err.txt; then
+ fatal "checkout with path traversal unexpectedly succeeded"
+fi
+assert_file_has_content_literal err.txt 'Invalid / in filename ../afile'
+echo "ok path traverse checkout"
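Review bot: The new checkout case checks only the exit status and the error text, so it would still pass if checkout wrote the traversed entry to disk before reporting the error. Assuming the fixture's `../afile` entry would resolve to `${test_tmpdir}/afile` (the fixture setup is not visible here), add `assert_not_has_file afile` after the `assert_file_has_content_literal` line. That way the test fails if validation ever moves back to after the write. `cd ${test_tmpdir}` should also be quoted as `cd "${test_tmpdir}"`.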