From a29738212841dcb699dc397ad66c3416324eccf8 Mon Sep 17 00:00:00 2001 From: Vincent Douillet Date: Thu, 26 Dec 2024 17:25:35 +0100 Subject: remove check_request_path because we have unveil --- browse.c | 8 -------- download.c | 18 +++++++++--------- test.c | 19 +++++++++++++++++++ url.c | 37 ------------------------------------- url.h | 8 -------- 5 files changed, 28 insertions(+), 62 deletions(-) diff --git a/browse.c b/browse.c index 6cd0fd6..a230fe0 100644 --- a/browse.c +++ b/browse.c @@ -294,14 +294,6 @@ browse(struct kreq * r) KHTTP_200, "" }; - /* check that the requested URL can be safely processed */ - if (!check_request_path(r->path, r->suffix)) { - ret = (struct http_ret) { - KHTTP_400, - "browse: Invalid request path" - }; - goto end; - } /* list requested directory content */ file = file_new(r->path); if (file == NULL) { diff --git a/download.c b/download.c index 02625fc..e80a51c 100644 --- a/download.c +++ b/download.c @@ -92,14 +92,6 @@ download(struct kreq * r) KHTTP_200, "" }; - /* check that the requested URL can be safely processed */ - if (strlen(r->path) == 0 || !check_request_path(r->path, r->suffix)) { - ret = (struct http_ret) { - KHTTP_400, - "download: invalid request path" - }; - goto end; - } /* build requested file path, with suffix or without */ if (strlen(r->suffix) > 0) { if (snprintf(request_path, sizeof(request_path), "%s.%s", r->path, r->suffix) @@ -129,6 +121,15 @@ download(struct kreq * r) }; goto end; } + /* we do not support downloading folders */ + if (f->is_dir) { + ret = (struct http_ret) { + KHTTP_400, + "download: can't download folder" + }; + goto end; + } + /* memory map the file */ path_size = file_get_data_path(f, file_path, PATH_MAX, NULL); if (path_size == 0 || path_size >= PATH_MAX) { ret = (struct http_ret) { @@ -137,7 +138,6 @@ download(struct kreq * r) }; goto end; } - /* memory map the file */ fd = open(file_path, O_RDONLY); if (fd < 0) { ret = (struct http_ret) { diff --git a/test.c b/test.c index 802afc5..3738ced 100644 --- a/test.c +++ b/test.c @@ -3,6 +3,7 @@ #include "browse.h" #include "delete.h" +#include "download.h" #include "http.h" #include "upload.h" #include "url.h" @@ -91,6 +92,23 @@ test_upload_post() return 0; } +static char * +test_download() +{ + struct kreq r; + struct http_ret ret; + + r = (struct kreq) { + .pname = "/vault", + .path = "a", + .suffix = "txt", + }; + ret = download(&r); + + mu_assert("error, download failed!", ret.code <= KHTTP_400); + return 0; +} + static char * test_delete_get() { @@ -163,6 +181,7 @@ all_tests() mu_run_test(test_browse_invalid_traversal); mu_run_test(test_browse_path_too_long); mu_run_test(test_url_build); + mu_run_test(test_download); mu_run_test(test_upload_post); mu_run_test(test_delete_get); mu_run_test(test_delete_post); diff --git a/url.c b/url.c index 977edea..26e737f 100644 --- a/url.c +++ b/url.c @@ -42,43 +42,6 @@ #include "str.h" #include "url.h" -bool -check_request_path(const char *path, const char *suffix) -{ - char p [PATH_MAX], resolved[PATH_MAX]; - char *rp, *data_dir; - - data_dir = config_data_dir(); - if (data_dir == NULL) - return false; - - /* build absolute path from DATA_DIR */ - if (strlcpy(p, data_dir, sizeof(p)) >= sizeof(p)) - return false; - if (strlcat(p, "/", sizeof(p)) >= sizeof(p)) - return false; - if (strlcat(p, path, sizeof(p)) >= sizeof(p)) - return false; - if (strlen(suffix) > 0) { - /* add suffix */ - if (strlcat(p, ".", sizeof(p)) >= sizeof(p)) - return false; - if (strlcat(p, suffix, sizeof(p)) >= sizeof(p)) - return false; - } - /* canonicalize the path */ - rp = realpath(p, resolved); - if (rp == NULL) - return false; - - /* path must start with DATA_DIR */ - rp[PATH_MAX - 1] = '\0'; - if (strstr(rp, data_dir) != rp) - return false; - - return true; -} - char * url_encode(const char *str) { diff --git a/url.h b/url.h index d1d638b..a962785 100644 --- a/url.h +++ b/url.h @@ -33,14 +33,6 @@ #include -/* - * Checks that the path can be safely processed. Namely, it should not contain - * "..", which denotes an attempt to get out of the DATA_DIR root folder. - * The path is required. - * The suffix is required but can be an empty string - */ -bool -check_request_path(const char *, const char *); /* * Encode a string to use in an HTTP context. * Returns NULL in case of error, or the encoded string in case of success. -- cgit v1.2.3