Context Navigation

Back to Ticket #10183

Ticket #10183: 0002-Check-the-given-path-for.patch

File 0002-Check-the-given-path-for.patch, 1.2 KB (added by jackburton, 10 years ago)
Avoid creating interface for paths with ".."

src/add-ons/kernel/network/devices/ethernet/ethernet.cpp

From 3ed0a51423e9bf02fc1877904ac1abdbe552aade Mon Sep 17 00:00:00 2001
From: Stefano Ceccherini <stefano.ceccherini@gmail.com>
Date: Sat, 9 Nov 2013 21:32:35 +0100
Subject: [PATCH] Check the given path for ".."

---
 .../kernel/network/devices/ethernet/ethernet.cpp   |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/add-ons/kernel/network/devices/ethernet/ethernet.cpp b/src/add-ons/kernel/network/devices/ethernet/ethernet.cpp
index d989075..0e5941a 100644

                ethernet_link_checker(void *)
 status_t
 ethernet_init(const char *name, net_device **_device)
+{
+    // make sure this is a device in /dev/net, but not the
+    // networking (userland) stack driver
+    // Make sure this is a device in /dev/net, but not the
+    // networking (userland) stack driver.
+    // Also make sure the user didn't pass a path like
+    // /dev/net/../etc.
     if (strncmp(name, "/dev/net/", 9)
+        || !strcmp(name, "/dev/net/userland_server"))
+        || !strcmp(name, "/dev/net/userland_server")
+        || strstr(name, "..") != NULL)
         return B_BAD_VALUE;
     if (access(name, F_OK) != 0)

Download in other formats:

Original Format