diff options
| author | Andrew Cady <d@jerkface.net> | 2023-05-31 07:57:24 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2023-05-31 08:00:18 -0400 |
| commit | 4b2bff5030aa12cfb383a224b8e3937c17d49984 (patch) | |
| tree | 3b0e0d6ba10c5c51e2d6c737ce82524ebf96c46c | |
| parent | 69d0b48e412b8290b8c40ed17a0c716b4d3d4e66 (diff) | |
improve ssh command parsing
check for and forbid .. and empty basename
simplify
| -rw-r--r-- | src/endofossil | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/endofossil b/src/endofossil index dd86bb3..382dde5 100644 --- a/src/endofossil +++ b/src/endofossil | |||
| @@ -28,13 +28,13 @@ case "$SSH_ORIGINAL_COMMAND" in | |||
| 28 | fossil\ test-http\ * ) | 28 | fossil\ test-http\ * ) |
| 29 | set -- $SSH_ORIGINAL_COMMAND | 29 | set -- $SSH_ORIGINAL_COMMAND |
| 30 | [ $# = 3 ] | 30 | [ $# = 3 ] |
| 31 | f=/${3%$require_extension}$require_extension | 31 | case "$3" in */../* | ../* | */.. ) exit 1 ;; esac |
| 32 | for d in "${shared_paths[@]}" | 32 | for d in "${shared_paths[@]}" |
| 33 | do | 33 | do |
| 34 | relativePart=${d#*/./} | 34 | f=${3#/${d##*/./}} |
| 35 | absolutePart=${d%$relativePart} | 35 | f=${f%$require_extension}$require_extension |
| 36 | tryPath=$absolutePart$relativePart${f#/$relativePart} | 36 | [ "$f" != "$require_extension" ] |
| 37 | if upstreamDatabase=$(realpath -e -s "$tryPath") | 37 | if upstreamDatabase=$(realpath -e -s "$d"/"$f") |
| 38 | then | 38 | then |
| 39 | break | 39 | break |
| 40 | fi | 40 | fi |