From 102ea9409d65b02e9007461115f6aebe037c7cfd Mon Sep 17 00:00:00 2001
From: lda
Date: Sat, 25 May 2024 18:07:44 +0200
Subject: [PATCH 1/2] [FIX/WIP] Try fixing sanitisation issue
---
 src/Db.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/Db.c b/src/Db.c
index 22456ac..d264ea1 100644
--- a/src/Db.c
+++ b/src/Db.c
@@ -218,19 +218,38 @@ DbHashKey(Array * args)
 return str;
 }
+static char
+DbSanitiseChar(char input)
+{
+ switch (input)
+ {
+ case '/':
+ return '_';
+ case '.':
+ return '-';
+ }
+ return input;
+}
+
 static char *
 DbDirName(Db * db, Array * args, size_t strip)
 {
- size_t i;
+ size_t i, j;
 char *str = StrConcat(2, db->dir, "/");
 for (i = 0; i < ArraySize(args) - strip; i++)
 {
 char *tmp;
+ char *sanitise = ArrayGet(args, i);
+ for (j = 0; j < strlen(sanitise); j++)
+ {
+ sanitise[j] = DbSanitiseChar(sanitise[j]);
+ }
- tmp = StrConcat(3, str, ArrayGet(args, i), "/");
+ tmp = StrConcat(3, str, sanitise, "/");
 Free(str);
+ Free(sanitise);
 str = tmp;
 }
@@ -253,17 +272,7 @@ DbFileName(Db * db, Array * args)
 /* Sanitize name to prevent directory traversal attacks */
 while (arg[j])
 {
- switch (arg[j])
- {
- case '/':
- arg[j] = '_';
- break;
- case '.':
- arg[j] = '-';
- break;
- default:
- break;
- }
+ arg[j] = DbSanitiseChar(arg[j]);
 j++;
 }
--
2.45.2
From de24e5f436c275ff3329efc94b9e51adbdae8796 Mon Sep 17 00:00:00 2001
From: lda
Date: Sat, 25 May 2024 19:41:15 +0200
Subject: [PATCH 2/2] [FIX] Fix allocation mistake
---
 src/Db.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Db.c b/src/Db.c
index d264ea1..4128a89 100644
--- a/src/Db.c
+++ b/src/Db.c
@@ -240,7 +240,7 @@ DbDirName(Db * db, Array * args, size_t strip)
 for (i = 0; i < ArraySize(args) - strip; i++)
 {
 char *tmp;
- char *sanitise = ArrayGet(args, i);
+ char *sanitise = StrDuplicate(ArrayGet(args, i));
 for (j = 0; j < strlen(sanitise); j++)
 {
 sanitise[j] = DbSanitiseChar(sanitise[j]);
--
2.45.2
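Review bot: DbSanitiseChar is a lossy mapping, so once DbDirName uses it two distinct key components can resolve to the same directory: `a/b` and `a_b` both become `a_b`, and `a.b` and `a-b` both become `a-b`. It does keep a component from acting as a path separator or as `..`, but if any component is derived from externally supplied names, one object can alias or overwrite another; the same holds for the DbFileName hunk, which now shares the helper. Consider an injective encoding (escape `/`, `.` and the escape character itself) or rejecting such components, and record the choice on the helper, e.g. `/* Maps '/' and '.' so a key component can never form a separator or ".."; not injective. */`. DbHashKey's body and the tail of DbDirName are outside the hunk, so it is worth confirming that the cache key and the on-disk path are derived from the same form of the arguments.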
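Review bot: The result of StrDuplicate() is used unchecked, so if it can return NULL (allocation failure, or a NULL element from ArrayGet) the `strlen(sanitise)` on the next line dereferences a null pointer. A guard such as `if (!sanitise) { Free(str); return NULL; }` would make the failure explicit, provided DbDirName's callers tolerate a NULL result, which is not visible here. Separately, `strlen(sanitise)` is re-evaluated on every iteration; `for (j = 0; sanitise[j]; j++)` matches the `while (arg[j])` loop in DbFileName and avoids the rescans. The bound `ArraySize(args) - strip` is unsigned and would wrap if strip exceeded the array size; the function starts and ends outside this hunk, so any existing check on strip cannot be seen.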