Hello,
I found a problem in current HEAD. When paths from ISC_PATH are
prepended to database name in setPath(), this is not done for names
containing a colon so that we do not try to understand strings like
'1.2.3.4:aaa' as file names in local directory. But this is not
checked in resolveDatabaseAccess() so that with
DatabaseAccess = Restrict /srv/firebird
an attempt to connect to '172.16.114.128:tips' leads to opening local
file /srv/firebird/172.16.114.128:tips
Proposed patch is attached.
Michal Kubeček
From: Michal Kubecek <[email protected]>
Date: Mon, 23 Jul 2012 16:36:27 +0200
Subject: Do not add DatabaseAccess paths to connection strings
In setPath(), we check that supplied name doesn't contain a colon
or a directory separator so that paths from ISC_PATH are not
prepended to connection strings for remote connections. The same
check is needed in expandDatabaseAccess(), otherwise strings
like '1.2.3.4:abcd' won't work if DatabaseAcess is set to
'Restrict ...'.
---
src/common/db_alias.cpp | 51 +++++++++++++++++++----------------------------
1 file changed, 21 insertions(+), 30 deletions(-)
diff --git a/src/common/db_alias.cpp b/src/common/db_alias.cpp
index a1f357d..d16b421 100644
--- a/src/common/db_alias.cpp
+++ b/src/common/db_alias.cpp
@@ -261,6 +261,16 @@ namespace
InitInstance<AliasesConf> aliasesConf;
}
+// Checks that argument doesn't contain colon or directory separator
+static inline bool hasSeparator(const PathName& name)
+{
+ for (const char* p = name.c_str(); *p; p++) {
+ if (*p == ':' || *p == '/' || *p == '\\')
+ return true;
+ }
+ return false;
+}
+
// Search for 'alias' in aliases.conf, return its value in 'file' if found. Else set file to alias.
// Returns true if alias is found in aliases.conf.
static bool resolveAlias(const PathName& alias, PathName& file, RefPtr<Config>* config)
@@ -289,38 +299,22 @@ static bool resolveAlias(const PathName& alias, PathName& file, RefPtr<Config>*
// Returns true if expanded successfully.
static bool resolveDatabaseAccess(const PathName& alias, PathName& file)
{
- PathName correctedAlias = alias;
- replace_dir_sep(correctedAlias);
-
- bool rc = true;
+ file = alias;
- PathName path, name;
- PathUtils::splitLastComponent(path, name, correctedAlias);
+ if (hasSeparator(alias))
+ return false;
- // if path component not present in file_name
- if (path.isEmpty())
+ // try to expand to existing file
+ if (!databaseDirectoryList().expandFileName(file, alias))
{
- // try to expand to existing file
- if (!databaseDirectoryList().expandFileName(file, name))
+ // try to use default path
+ if (!databaseDirectoryList().defaultName(file, alias))
{
- // try to use default path
- if (!databaseDirectoryList().defaultName(file, name))
- {
- rc = false;
- }
+ return false;
}
}
- else
- {
- rc = false;
- }
-
- if (! rc)
- {
- file = correctedAlias;
- }
- return rc;
+ return true;
}
// Set a prefix to a filename based on the ISC_PATH user variable.
@@ -333,11 +327,8 @@ static bool setPath(const PathName& filename, PathName& expandedName)
return false;
// If the file already contains a remote node or any path at all forget it.
- for (const char* p = filename.c_str(); *p; p++)
- {
- if (*p == ':' || *p == '/' || *p == '\\')
- return false;
- }
+ if (hasSeparator(filename))
+ return false;
// concatenate the strings
--
1.7.10.4
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
