Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
io_bail!("invalid file name (missing terminating zero)");
}
io_bail!("invalid file name (missing terminating zero)");
}
- if path.is_empty() {
- io_bail!("invalid empty file name");
- }
-
- if path.contains(&b'/') {
- io_bail!("illegal path found (contains slashes, this is a security concern)");
- }
+ crate::util::validate_filename(&path)?;
let file_name = PathBuf::from(OsString::from_vec(path));
format::check_file_name(&file_name)?;
let file_name = PathBuf::from(OsString::from_vec(path));
format::check_file_name(&file_name)?;
if data.pop() != Some(0) {
io_bail!("illegal path found (missing terminating zero)");
}
if data.pop() != Some(0) {
io_bail!("illegal path found (missing terminating zero)");
}
- if data.is_empty() {
- io_bail!("illegal path found (empty)");
- }
- if data.contains(&b'/') {
- io_bail!("illegal path found (contains slashes, this is a security concern)");
- }
+
+ crate::util::validate_filename(&data)?;
let path = PathBuf::from(OsString::from_vec(data));
self.set_path(&path)?;
let path = PathBuf::from(OsString::from_vec(data));
self.set_path(&path)?;
}
async fn encode_filename(&mut self, file_name: &[u8]) -> io::Result<()> {
}
async fn encode_filename(&mut self, file_name: &[u8]) -> io::Result<()> {
- if file_name.contains(&b'/') {
- io_bail!("slash in file name not permitted");
- }
+ crate::util::validate_filename(file_name)?;
seq_write_pxar_entry_zero(&mut self.output, format::PXAR_FILENAME, file_name).await
}
seq_write_pxar_entry_zero(&mut self.output, format::PXAR_FILENAME, file_name).await
}
}
unsafe fn ignore_drop(_: *const ()) {}
}
unsafe fn ignore_drop(_: *const ()) {}
+
+pub fn validate_filename(name: &[u8]) -> io::Result<()> {
+ if name.is_empty() {
+ io_bail!("illegal path found (empty)");
+ }
+
+ if name.contains(&b'/') {
+ io_bail!("illegal path found (contains slashes, this is a security concern)");
+ }
+
+ if name == b"." {
+ io_bail!("illegal path found: '.'");
+ }
+
+ if name == b".." {
+ io_bail!("illegal path found: '..'");
+ }
+
+ Ok(())
+}