Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-06-23 15:30:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Forgot to use realpath()

Browse Source
This commit is contained in:
Kovid Goyal 2011-11-03 08:33:19 +05:30
parent d43d661830
commit 99e686faf5
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/calibre/devices/linux_mount_helper.c
View File

@ -1,3 +1,4 @@
#include <limits.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
@ -36,17 +37,35 @@ void ensure_root() {
} }
int check_args(const char *dev, const char *mp) { int check_args(const char *dev, const char *mp) {
char buffer[PATH_MAX+1];
if (dev == NULL || strlen(dev) < strlen(DEV) || mp == NULL || strlen(mp) < strlen(MEDIA)) { if (dev == NULL || strlen(dev) < strlen(DEV) || mp == NULL || strlen(mp) < strlen(MEDIA)) {
fprintf(stderr, "Invalid arguments\n"); fprintf(stderr, "Invalid arguments\n");
return False; return False;
} }
if (strncmp(MEDIA, mp, strlen("MEDIA")) != 0) { if (exists(mp)) {
if (realpath(mp, buffer) == NULL) {
fprintf(stderr, "Unable to resolve mount path\n");
return False;
}
if (strncmp(MEDIA, buffer, strlen(MEDIA)) != 0) {
fprintf(stderr, "Trying to operate on a mount point not under /media is not allowed\n");
return False;
}
}
if (strncmp(MEDIA, mp, strlen(MEDIA)) != 0) {
fprintf(stderr, "Trying to operate on a mount point not under /media is not allowed\n"); fprintf(stderr, "Trying to operate on a mount point not under /media is not allowed\n");
return False; return False;
} }
if (strncmp(DEV, dev, strlen(DEV)) != 0) { if (realpath(dev, buffer) == NULL) {
fprintf(stderr, "Unable to resolve dev path\n");
return False;
}
if (strncmp(DEV, buffer, strlen(DEV)) != 0) {
fprintf(stderr, "Trying to operate on a dev node not under /dev\n"); fprintf(stderr, "Trying to operate on a dev node not under /dev\n");
return False; return False;
} }

4
src/calibre/ptempfile.py
View File

@ -194,4 +194,8 @@ class SpooledTemporaryFile(tempfile.SpooledTemporaryFile):
tempfile.SpooledTemporaryFile.__init__(self, max_size=max_size, suffix=suffix, tempfile.SpooledTemporaryFile.__init__(self, max_size=max_size, suffix=suffix,
prefix=prefix, dir=dir, mode=mode, bufsize=bufsize) prefix=prefix, dir=dir, mode=mode, bufsize=bufsize)
def better_mktemp(*args, **kwargs):
fd, path = tempfile.mkstemp(*args, **kwargs)
os.close(fd)
return path