mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
c7583c4946
A common pattern for checking directories in ZNC is the following: sAbsolutePath = CDir::ChangeDir(sAllowedPath, sFile); if (sAbsolutePath.Left(sAllowedPath.length()) != sAllowedPath) Error; But there is a problem: If sAllowedPath doesn't end with a slash, we are vulnerable to an attack. If e.g. sAllowedPath = "/foo/bar", then sFile = "../bartender" would result in sAbsolutePath = "/foo/bartender". Since this path does begin with sAllowedPath, the code allowed it. There shouldn't be any places where this can be exploited currently, but it is still a security bug (path traversal). git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1569 726aef4b-f618-498e-8847-2d620e286838