From: José Bollo <jose.bollo@iot.bzh>
Date: Wed, 9 Dec 2015 13:22:42 +0000 (+0100)
Subject: validation of the path
X-Git-Tag: 2.0.2~160
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=0270b7281b783cbea5c1f0ebb4440d2be1bd79fa;p=src%2Fapp-framework-main.git

validation of the path

Change-Id: I3ae984e787335264cd7f88f239453ff10c900ee2
---

diff --git a/wgt-rootdir.c b/wgt-rootdir.c
index b7d9066..4df1705 100644
--- a/wgt-rootdir.c
+++ b/wgt-rootdir.c
@@ -18,8 +18,7 @@
 
 #include <unistd.h>
 #include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+#include <errno.h>
 
 #include "wgt.h"
 
@@ -43,13 +42,56 @@ int widget_set_rootdir(const char *pathname)
 	return 0;
 }
 
+static int validsubpath(const char *subpath)
+{
+	int l = 0, i = 0;
+	if (subpath[i] == '/')
+		return 0;
+	while(subpath[i]) {
+		switch(subpath[i++]) {
+		case '.':
+			if (!subpath[i])
+				break;
+			if (subpath[i] == '/') {
+				i++;
+				break;
+			}
+			if (subpath[i++] == '.') {
+				if (!subpath[i]) {
+					l--;
+					break;
+				}
+				if (subpath[i++] == '/') {
+					l--;
+					break;
+				}
+			}
+		default:
+			while(subpath[i] && subpath[i] != '/')
+				i++;
+			l++;
+		case '/':
+			break;
+		}
+	}
+	return l >= 0;
+}
+
 int widget_has(const char *filename)
 {
+	if (!validsubpath(filename)) {
+		errno = EINVAL;
+		return -1;
+	}
 	return 0 == faccessat(rootfd, filename, F_OK, 0);
 }
 
 int widget_open_read(const char *filename)
 {
+	if (!validsubpath(filename)) {
+		errno = EINVAL;
+		return -1;
+	}
 	return openat(rootfd, filename, O_RDONLY);
 }