improve fix for symlink attacks to check subdirectories for symlinks too
before writing
parent
2a16e15122
commit
efe91335c6
@ -425,7 +425,7 @@ sub cgi_editpage ($$) { #{{{
|
|||
my $content=$form->field('content');
|
||||
$content=~s/\r\n/\n/g;
|
||||
$content=~s/\r/\n/g;
|
||||
writefile("$config{srcdir}/$file", $content);
|
||||
writefile($file, $config{srcdir}, $content);
|
||||
|
||||
my $message="web commit ";
|
||||
if (length $session->param("name")) {
|
||||
|
@ -349,7 +349,7 @@ sub render ($) { #{{{
|
|||
$content=htmlize($type, $content);
|
||||
|
||||
check_overwrite("$config{destdir}/".htmlpage($page), $page);
|
||||
writefile("$config{destdir}/".htmlpage($page),
|
||||
writefile(htmlpage($page), $config{destdir},
|
||||
genpage($content, $page, mtime($srcfile)));
|
||||
$oldpagemtime{$page}=time;
|
||||
$renderedfiles{$page}=htmlpage($page);
|
||||
|
@ -358,14 +358,14 @@ sub render ($) { #{{{
|
|||
# check_overwrite, as above, but currently renderedfiles
|
||||
# only supports listing one file per page.
|
||||
if ($config{rss} && exists $inlinepages{$page}) {
|
||||
writefile("$config{destdir}/".rsspage($page),
|
||||
writefile(rsspage($page), $config{destdir},
|
||||
genrss($content, $page, mtime($srcfile)));
|
||||
}
|
||||
}
|
||||
else {
|
||||
$links{$file}=[];
|
||||
check_overwrite("$config{destdir}/$file", $file);
|
||||
writefile("$config{destdir}/$file", $content);
|
||||
writefile($file, $config{destdir}, $content);
|
||||
$oldpagemtime{$file}=time;
|
||||
$renderedfiles{$file}=$file;
|
||||
}
|
||||
|
@ -161,7 +161,8 @@ page from the web, which follows the symlink when reading the page, and
|
|||
again when saving the changed page.
|
||||
|
||||
This was fixed by making ikiwiki refuse to read or write to files that are
|
||||
symlinks, combined with the above locking.
|
||||
symlinks, or that are in subdirectories that are symlinks, combined with
|
||||
the above locking.
|
||||
|
||||
## underlaydir override attacks
|
||||
|
||||
17
ikiwiki
17
ikiwiki
@ -202,15 +202,20 @@ sub readfile ($) { #{{{
|
|||
return $ret;
|
||||
} #}}}
|
||||
|
||||
sub writefile ($$) { #{{{
|
||||
my $file=shift;
|
||||
sub writefile ($$$) { #{{{
|
||||
my $file=shift; # can include subdirs
|
||||
my $destdir=shift; # directory to put file in
|
||||
my $content=shift;
|
||||
|
||||
if (-l $file) {
|
||||
error("cannot write to a symlink ($file)");
|
||||
my $test=$file;
|
||||
while (length $test) {
|
||||
if (-l "$destdir/$test") {
|
||||
error("cannot write to a symlink ($test)");
|
||||
}
|
||||
$test=dirname($test);
|
||||
}
|
||||
|
||||
my $dir=dirname($file);
|
||||
my $dir=dirname("$destdir/$file");
|
||||
if (! -d $dir) {
|
||||
my $d="";
|
||||
foreach my $s (split(m!/+!, $dir)) {
|
||||
|
@ -221,7 +226,7 @@ sub writefile ($$) { #{{{
|
|||
}
|
||||
}
|
||||
|
||||
open (OUT, ">$file") || error("failed to write $file: $!");
|
||||
open (OUT, ">$destdir/$file") || error("failed to write $destdir/$file: $!");
|
||||
print OUT $content;
|
||||
close OUT;
|
||||
} #}}}
|
||||
|