From: Sergey Matveev <stargrave@stargrave.org>
Date: Sat, 21 Jan 2017 11:44:33 +0000 (+0300)
Subject: Check that path taken from the packets is relative
X-Git-Tag: 0.5^2~5
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=a8eed396b539978eac45cfd9f326faa5687e5d24;p=nncp.git

Check that path taken from the packets is relative
---

diff --git a/src/cypherpunks.ru/nncp/toss.go b/src/cypherpunks.ru/nncp/toss.go
index 9d17053..8a48e91 100644
--- a/src/cypherpunks.ru/nncp/toss.go
+++ b/src/cypherpunks.ru/nncp/toss.go
@@ -163,6 +163,11 @@ func (ctx *Ctx) Toss(nodeId *NodeId, nice uint8, dryRun bool) bool {
 		case PktTypeFile:
 			dst := string(pkt.Path[:int(pkt.PathLen)])
 			sds := SdsAdd(sds, SDS{"type": "file", "dst": dst})
+			if filepath.IsAbs(dst) {
+				ctx.LogE("rx", sds, "non-relative destination path")
+				isBad = true
+				goto Closing
+			}
 			incoming := ctx.Neigh[*job.PktEnc.Sender].Incoming
 			if incoming == nil {
 				ctx.LogE("rx", sds, "incoming is not allowed")
@@ -237,6 +242,11 @@ func (ctx *Ctx) Toss(nodeId *NodeId, nice uint8, dryRun bool) bool {
 			}
 		case PktTypeFreq:
 			src := string(pkt.Path[:int(pkt.PathLen)])
+			if filepath.IsAbs(src) {
+				ctx.LogE("rx", sds, "non-relative source path")
+				isBad = true
+				goto Closing
+			}
 			sds := SdsAdd(sds, SDS{"type": "freq", "src": src})
 			dstRaw, err := ioutil.ReadAll(pipeR)
 			if err != nil {