vtorri
/
enlightenment
forked from enlightenment/enlightenment
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

e sys store - unmount verify its root and right username 

also check for relative paths, shell metachars etc.

fixes T8671
This commit is contained in:
Carsten Haitzler 2020-04-22 14:32:04 +01:00
parent dfed5c2718
commit 800ff4e24f
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/bin/system/e_system_storage.c
View File

@ -164,17 +164,26 @@ _store_umount_verify(const char *mnt)
for (s = mnt; *s; s++) for (s = mnt; *s; s++)
{ {
if (*s == '\\') return EINA_FALSE; if (*s == '\\') return EINA_FALSE;
if ((*s <= '*') || (*s == '`') || (*s == ';') || (*s == '<') ||
(*s == '>') || (*s == '?') || (*s >= '{') ||
((*s >= '[') && (*s <= '^')))
return EINA_FALSE;
} }
if (strstr(mnt, "/..")) return EINA_FALSE;
if (strstr(mnt, "/./")) return EINA_FALSE;
if (strstr(mnt, "//")) return EINA_FALSE;
if (stat(mnt, &st) != 0) return EINA_FALSE; if (stat(mnt, &st) != 0) return EINA_FALSE;
if (!S_ISDIR(st.st_mode)) return EINA_FALSE; if (!S_ISDIR(st.st_mode)) return EINA_FALSE;
tmnt = strdup(mnt); tmnt = strdup(mnt);
if (!tmnt) return EINA_FALSE; if (!tmnt) return EINA_FALSE;
p = strchr(tmnt + 8, '/'); p = strchr(tmnt + 7, '/');
if (!p) goto err; if (!p) goto err;
*p = '\0'; *p = '\0';
if (stat(tmnt, &st) != 0) goto err; if (stat(tmnt, &st) != 0) goto err;
if (st.st_uid != 0) goto err; if (st.st_uid != 0) goto err;
if (st.st_gid != 0) goto err; if (st.st_gid != 0) goto err;
p = tmnt + 7; // after /media/ (so username)
if (strcmp(p + 1, user_name)) goto err; // not user named dir
free(tmnt); free(tmnt);
return EINA_TRUE; return EINA_TRUE;
err: err: