fix bug in untainting code by splitting up the file checks into two pieces

One checks for legal characters and the other checks for legal characters AND
legal directories.
kestes%walrus.com 2001-08-02 20:04:25 +00:00
Родитель fad5a324d4
Коммит 0cfc60c491
7 изменённых файлов: 43 добавлений и 45 удалений


@ -4,8 +4,8 @@
# mailprocessing program.
# $Revision: 1.7 $
# $Date: 2001-07-20 19:04:59 $
# $Revision: 1.8 $
# $Date: 2001-08-02 20:04:25 $
# $Author: kestes%walrus.com $
# $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/MailProcess.pm,v $
# $Name: $
@ -326,7 +326,7 @@ sub write_update_file {
$update_file =~ s/([^0-9a-zA-Z\.\-\_\/\:]+)/\./g;
$update_file = main::extract_filename_chars($update_file);
$update_file = main::extract_safe_filename($update_file);
# We are done, tell the tinderserver about this build.
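Review bot: The substitution two lines above the new `extract_safe_filename` call still rewrites runs of disallowed characters to `.` before the check sees the value, so a name that would otherwise be rejected is silently altered instead, and a run next to an existing `.` becomes `..`. If `extract_safe_filename` is what enforces the directory (as the commit description says), that check, not the substitution, is the boundary that keeps the altered path where it belongs, and the code should say so: `# The s/// above only normalizes characters; extract_safe_filename enforces the allowed directory.` The enclosing sub write_update_file starts outside the hunk.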


@ -14,8 +14,8 @@
# was spend in 32878 calls to Data::Dumper::_dump()
# $Revision: 1.8 $
# $Date: 2001-07-20 19:05:07 $
# $Revision: 1.9 $
# $Date: 2001-08-02 20:04:23 $
# $Author: kestes%walrus.com $
# $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/Persistence/Dumper.pm,v $
# $Name: $
@ -70,7 +70,7 @@ sub save_structure {
my ($data_refs, $data_file,) = @_;
# This may be the output of a glob, make it taint safe.
$data_file = main::extract_filename_chars($data_file);
$data_file = main::extract_safe_filename($data_file);
# Create a text representation of the data we wish to save. We need
# only eval this string to get back the data. We pick the name of
@ -95,7 +95,7 @@ sub load_structure {
my ($data_file,) = @_;
# This may be the output of a glob, make it taint safe.
$data_file = main::extract_filename_chars($data_file);
$data_file = main::extract_safe_filename($data_file);
(-r $data_file) || (-R $data_file) ||
die("data file: $data_file is not readable\n");
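Review bot: The comment `# This may be the output of a glob, make it taint safe.` above the new call in both save_structure and load_structure still describes the old character-only check, while the commit description says extract_safe_filename also validates the directory, so a reader cannot tell from here that the argument must now be a full path. Suggest `# Must be a full path: extract_safe_filename rejects disallowed characters and directories.` The same comment sits above the same call in the two hunks of Persistence/Storable.pm. What the function returns when it rejects a value is not visible here, so whether the following `-r` test can ever see an empty name should be confirmed.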


@ -9,8 +9,8 @@
# browser.
# $Revision: 1.5 $
# $Date: 2001-07-20 19:05:07 $
# $Revision: 1.6 $
# $Date: 2001-08-02 20:04:23 $
# $Author: kestes%walrus.com $
# $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/Persistence/Storable.pm,v $
# $Name: $
@ -71,7 +71,7 @@ sub save_structure {
my ($data_refs, $data_file,) = @_;
# This may be the output of a glob, make it taint safe.
$data_file = main::extract_filename_chars($data_file);
$data_file = main::extract_safe_filename($data_file);
my ($tmpfile) = "$data_file.$main::UID";
@ -89,7 +89,7 @@ sub load_structure {
my ($data_file,) = @_;
# This may be the output of a glob, make it taint safe.
$data_file = main::extract_filename_chars($data_file);
$data_file = main::extract_safe_filename($data_file);
(-r $data_file) || (-R $data_file) ||
die("data file: $data_file is not readable\n");


@ -74,7 +74,7 @@ use TreeData;
use VCDisplay;
$VERSION = ( qw $Revision: 1.8 $ )[1];
$VERSION = ( qw $Revision: 1.9 $ )[1];
@ISA = qw(TinderDB::BasicTxtDB);
@ -119,12 +119,11 @@ sub apply_db_updates {
scalar(@sorted_files) || return 0;
foreach $update_file (@sorted_files) {
my ($full_file) = "$dirname/$update_file";
my ($record) = Persistence::load_structure($full_file);
foreach $file (@sorted_files) {
my ($record) = Persistence::load_structure($file);
($record) ||
die("Error reading Bug Tracking update file '$full_file'.\n");
die("Error reading Bug Tracking update file '$file'.\n");
my($timenow) = $record->{'tinderbox_timenow'};
@ -134,11 +133,11 @@ sub apply_db_updates {
# sanity check the record, taint checks are done in processmail.
{
($tree eq $record->{'tinderbox_tree'}) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"Tree: $tree, not equal to Tree: $record->{'tree'}.");
(main::is_time_valid($timenow)) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"timenow: $timenow, is not a valid time.");
}
@ -169,7 +168,7 @@ sub apply_db_updates {
$self->savetree_db($tree);
$self->unlink_files($dirname, @sorted_files);
$self->unlink_files(@sorted_files);
return scalar(@sorted_files);
}
@ -278,7 +277,7 @@ sub status_table_row {
$num_rows++;
$table .= (
"\t".
"<font size=-1><tt>$field</tt></font>".
"<tt>$field</tt>".
": ".
$value.
"<br>\n".
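Review bot: The renamed loop variable `$file` in apply_db_updates is not declared with `my`, so like `$update_file` before it is a package global visible to every sub in the package; prefer `foreach my $file (@sorted_files) {`. The same applies to the identical loop in TinderDB/Build.pm's apply_db_updates. The loop body continues past the hunk, and `$dirname` is presumably still computed earlier in the sub even though the new code no longer joins it to the file name, which looks like a leftover to check.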


@ -6,8 +6,8 @@
# as a Dump of the $DATABASE reference.
# $Revision: 1.6 $
# $Date: 2001-07-20 19:05:11 $
# $Revision: 1.7 $
# $Date: 2001-08-02 20:04:21 $
# $Author: kestes%walrus.com $
# $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm,v $
# $Name: $
@ -50,7 +50,7 @@ use FileStructure;
use Persistence;
$VERSION = ( qw $Revision: 1.6 $ )[1];
$VERSION = ( qw $Revision: 1.7 $ )[1];
# To help preserve the database in the event of a serious system
@ -105,13 +105,12 @@ sub db_file {
sub unlink_files {
my ($self, $dir, @files) = @_;
my ($self, @files) = @_;
foreach $file (@files) {
$full_file = "$dir/$file";
# This may be the output of a glob, make it taint safe.
$full_file = main::extract_filename_chars($full_file);
$full_file = main::extract_safe_filename($file);
unlink ("$full_file") ||
die("Could not remove filename: '$full_file': $!\n");
@ -152,7 +151,7 @@ sub readdir_file_prefix {
# make it taint safe.
my (@untainted_files) = map { main::extract_filename_chars($_) }
my (@untainted_files) = map { main::extract_safe_filename("$dir/$_") }
@sorted_files;
return @untainted_files;
@ -204,8 +203,9 @@ sub loadtree_db {
# ignore unlink errors, cleaning up the directory is not important.
foreach $file (@sorted_files) {
$file = main::extract_filename_chars($file);
my @extra_files = grep {!/^$(unknown)$/} @sorted_files;
foreach $file (@extra_files) {
$file = main::extract_safe_filename($file);
unlink($file);
}
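Review bot: In loadtree_db the new filter `grep {!/^$(unknown)$/} @sorted_files` interpolates a filename into a regex unescaped; as rendered the pattern reads as `$(`, which Perl does not interpolate inside a pattern, so the filter would keep every file, though that may be an artifact of the page rendering. Either way a filename containing regex metacharacters such as `.` would not be compared literally, so compare it with `ne` against the file being kept (or wrap it in `\Q…\E`) rather than a bare interpolated pattern. In unlink_files the new `$full_file = main::extract_safe_filename($file);` still assigns an undeclared package global; `my $full_file = main::extract_safe_filename($file);` keeps the sanitized path local to the iteration. The body of readdir_file_prefix starts outside the hunk.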


@ -7,8 +7,8 @@
# the build was and display a link to the build log.
# $Revision: 1.21 $
# $Date: 2001-07-20 19:05:11 $
# $Revision: 1.22 $
# $Date: 2001-08-02 20:04:20 $
# $Author: kestes%walrus.com $
# $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/TinderDB/Build.pm,v $
# $Name: $
@ -730,12 +730,11 @@ sub apply_db_updates {
scalar(@sorted_files) || return 0;
foreach $update_file (@sorted_files) {
my $full_file = "$dirname/$update_file";
my ($record) = Persistence::load_structure($full_file);
foreach $file (@sorted_files) {
my ($record) = Persistence::load_structure($file);
($record) ||
die("Error reading Build update file '$full_file'.\n");
die("Error reading Build update file '$file'.\n");
my ($build) = $record->{'buildname'};
my ($buildstatus) = $record->{'status'};
@ -747,22 +746,22 @@ sub apply_db_updates {
# sanity check the record, taint checks are done in processmail.
{
BuildStatus::is_status_valid($buildstatus) ||
die("Error in updatefile: $full_file, Status not valid");
die("Error in updatefile: $file, Status not valid");
($tree eq $record->{'tree'}) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"Tree: $tree, equal to Tree: $record->{'tree'}.");
(main::is_time_valid($starttime)) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"starttime: $starttime, is not a valid time.");
(main::is_time_valid($timenow)) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"timenow: $timenow, is not a valid time.");
($starttime <= $timenow) ||
die("Error in updatefile: $full_file, ".
die("Error in updatefile: $file, ".
"starttime: $starttime, is less then timenow: $timenow.");
}
@ -897,7 +896,7 @@ sub apply_db_updates {
$self->savetree_db($tree);
$self->unlink_files($dirname, @sorted_files);
$self->unlink_files(@sorted_files);
return scalar(@sorted_files);
}


@ -79,7 +79,7 @@ use Utils;
use HTMLPopUp;
use TinderDB::BasicTxtDB;
$VERSION = ( qw $Revision: 1.9 $ )[1];
$VERSION = ( qw $Revision: 1.10 $ )[1];
@ISA = qw(TinderDB::BasicTxtDB);
@ -150,10 +150,10 @@ sub apply_db_updates {
# This require will set a variable called $record with all
# the info from this build update.
my ($record) = Persistence::load_structure("$dirname/$update_file");
my ($record) = Persistence::load_structure("$update_file");
($record) ||
die("Error reading Notice update file '$dirname/$update_file'.\n");
die("Error reading Notice update file '$update_file'.\n");
my $time = $record->{'time'};
my $mailaddr = $record->{'mailaddr'};
@ -177,7 +177,7 @@ sub apply_db_updates {
$self->savetree_db($tree);
$self->unlink_files($dirname, @sorted_files);
$self->unlink_files(@sorted_files);
return scalar(@sorted_files);
}
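Review bot: Wrapping the scalar in double quotes on the new `load_structure` call is a needless stringification that only obscures the argument; pass it directly: `my ($record) = Persistence::load_structure($update_file);`. The loop that sets `$update_file` starts outside the hunk, so whether it is already a full path from readdir_file_prefix cannot be confirmed here.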