NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb426bd4

committed

Simplify coding around path_contains_parent_reference().

Given the existing stipulation that path_contains_parent_reference()must only be invoked on canonicalized paths, we can simplify thingsin the wake of commitc10f830. It is now only possible to see".." at the start of a relative path. That means we can simplifypath_contains_parent_reference() itself quite a bit, and it makesthe two existing outside call sites dead code, since they'd alreadychecked that the path is absolute.We could now fold path_contains_parent_reference() into its onlyremaining caller path_is_relative_and_below_cwd(). But it seemsbetter to leave it as a separately callable function, in case anyextensions are using it.Also document the pre-existing requirement forpath_is_relative_and_below_cwd's input to be likewise canonicalized.Shenhao Wang and Tom LaneDiscussion:https://postgr.es/m/OSBPR01MB4214FA221FFE046F11F2AD74F2D49@OSBPR01MB4214.jpnprd01.prod.outlook.com

1 parentc10f830 commitb426bd4Copy full SHA for b426bd4

File tree

3 files changed

+13

-30

lines changed

contrib/adminpack
- adminpack.c
src
- backend/utils/adt
  - genfile.c
- port
  - path.c

3 files changed

+13

-30

lines changed

`‎contrib/adminpack/adminpack.c`

Lines changed: 0 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -88,12 +88,6 @@ convert_and_check_filename(text *arg)`
`88`	`88`	`*/`
`89`	`89`	`if (is_absolute_path(filename))`
`90`	`90`	`{`
`91`		`-/* Disallow '/a/b/data/..' */`
`92`		`-if (path_contains_parent_reference(filename))`
`93`		`-ereport(ERROR,`
`94`		`-(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`95`		`-errmsg("reference to parent directory (\"..\") not allowed")));`
`96`		`-`
`97`	`91`	`/* Allow absolute paths if within DataDir */`
`98`	`92`	`if (!path_is_prefix_of_path(DataDir,filename))`
`99`	`93`	`ereport(ERROR,`

`‎src/backend/utils/adt/genfile.c`

Lines changed: 0 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -72,12 +72,6 @@ convert_and_check_filename(text *arg)`
`72`	`72`	`*/`
`73`	`73`	`if (is_absolute_path(filename))`
`74`	`74`	`{`
`75`		`-/* Disallow '/a/b/data/..' */`
`76`		`-if (path_contains_parent_reference(filename))`
`77`		`-ereport(ERROR,`
`78`		`-(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`79`		`-errmsg("reference to parent directory (\"..\") not allowed")));`
`80`		`-`
`81`	`75`	`/*`
`82`	`76`	`* Allow absolute paths if within DataDir or Log_directory, even`
`83`	`77`	`* though Log_directory might be outside DataDir.`

`‎src/port/path.c`

Lines changed: 13 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -494,38 +494,33 @@ canonicalize_path(char *path)`
`494`	`494`	`* Detect whether a path contains any parent-directory references ("..")`
`495`	`495`	`*`
`496`	`496`	`* The input must have been put through canonicalize_path previously.`
`497`		`- *`
`498`		`- * This is a bit tricky because we mustn't be fooled by "..a.." (legal)`
`499`		`- * nor "C:.." (legal on Unix but not Windows).`
`500`	`497`	`*/`
`501`	`498`	`bool`
`502`	`499`	`path_contains_parent_reference(constchar*path)`
`503`	`500`	`{`
`504`		`-intpath_len;`
`505`		`-`
`506`		`-path=skip_drive(path);/* C: shouldn't affect our conclusion */`
`507`		`-`
`508`		`-path_len=strlen(path);`
`509`		`-`
`510`	`501`	`/*`
`511`		`- * ".." could be the whole path; otherwise, if it's present it must be at`
`512`		`- * the beginning, in the middle, or at the end.`
	`502`	`+ * Once canonicalized, an absolute path cannot contain any ".." at all,`
	`503`	`+ * while a relative path could contain ".."(s) only at the start. So it`
	`504`	`+ * is sufficient to check the start of the path, after skipping any`
	`505`	`+ * Windows drive/network specifier.`
`513`	`506`	`*/`
`514`		`-if (strcmp(path,"..")==0\|\|`
`515`		`-strncmp(path,"../",3)==0\|\|`
`516`		`-strstr(path,"/../")!=NULL\|\|`
`517`		`-(path_len >=3&&strcmp(path+path_len-3,"/..")==0))`
	`507`	`+path=skip_drive(path);/* C: shouldn't affect our conclusion */`
	`508`	`+`
	`509`	`+if (path[0]=='.'&&`
	`510`	`+path[1]=='.'&&`
	`511`	`+(path[2]=='\0'\|\|path[2]=='/'))`
`518`	`512`	`return true;`
`519`	`513`
`520`	`514`	`return false;`
`521`	`515`	`}`
`522`	`516`
`523`	`517`	`/*`
`524`	`518`	`* Detect whether a path is only in or below the current working directory.`
	`519`	`+ *`
	`520`	`+ * The input must have been put through canonicalize_path previously.`
	`521`	`+ *`
`525`	`522`	`* An absolute path that matches the current working directory should`
`526`		`- * return false (we only want relative to the cwd). We don't allow`
`527`		`- * "/../" even if that would keep us under the cwd (it is too hard to`
`528`		`- * track that).`
	`523`	`+ * return false (we only want relative to the cwd).`
`529`	`524`	`*/`
`530`	`525`	`bool`
`531`	`526`	`path_is_relative_and_below_cwd(constchar*path)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb426bd4

File tree

3 files changed

3 files changed

`‎contrib/adminpack/adminpack.c`

`‎src/backend/utils/adt/genfile.c`

`‎src/port/path.c`

0 commit comments