Hello,

I am using obexftpd (from ObexFTP-0.22-rc3 <http://triq.net/obexftp/obexftp-0.22-rc3.tar.bz2>) with BlueSoleil (3.2.2.8) as client.

I found that it is possible to go to the parent directory (at least) from the default base directory by using ".." in the BlueSoleil UI (BlueSoleil sends only ".." in the name field). A fix for this is attached. It also adds handling of "SETPATH backward".

Regards

Fred

PS: Hope this will be visible in mailing list, as I try since yesterday to subscribe without result

--
-----------------------------------------------
It is not by improving the oil lamp that one invents the electric bulb!
-----------------------------------------------
Danis Frederic                   Access Company
Software engineer
Mail : mailto:[EMAIL PROTECTED]
-----------------------------------------------

diff -Naur obexftp-0.22-rc3/apps/obexftpd.c obexftp-0.22/apps/obexftpd.c
--- obexftp-0.22-rc3/apps/obexftpd.c	2007-06-05 03:36:35.000000000 +0200
+++ obexftp-0.22/apps/obexftpd.c	2007-06-11 10:22:45.000000000 +0200
@@ -364,27 +364,42 @@
 	
 	if (name)
 	{
-		if (strstr(name, "/../"))
+		if ((strstr(name, "/")) || (strncmp(name, "..", 2) == 0))
 		{
 			OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
 		} else {
-		strcpy(fullname, CUR_DIR);
-		strncat(fullname, name, sizeof(fullname)-1);
-		if ((*setpath_nohdr_data & 2) == 0) {
-			if (verbose) printf("mkdir %s\n", name);
-			if (mkdir(fullname, 0755) < 0) {
-				perror("requested mkdir failed");
+			strcpy(fullname, CUR_DIR);
+			strncat(fullname, name, sizeof(fullname)-1);
+			if ((*setpath_nohdr_data & 2) == 0) {
+				if (verbose) printf("mkdir %s\n", name);
+				if (mkdir(fullname, 0755) < 0) {
+					perror("requested mkdir failed");
+				}
+			}
+
+			if (verbose) printf("Set path to %s\n",fullname);
+			if (chdir(fullname) < 0) {
+				perror("requested chdir failed\n");
+				OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
 			}
-		}
-		if (verbose) printf("Set path to %s\n",fullname);
-		if (chdir(fullname) < 0)
-		{
-			perror("requested chdir failed\n");
-			OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
-		}
 		}
 		free(name);
 		name = NULL;
+	} else if ((*setpath_nohdr_data & 3) == 3) {
+		if (getcwd(fullname, WORK_PATH_MAX - 1) == NULL) {
+			perror("unable to get current dir");
+			OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
+		} else if (strstr(fullname, init_work_path) == NULL) {
+			perror("not allowed");
+			OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
+		} else {
+			if (verbose) printf("Set path backward\n");
+			if (chdir("./..") < 0)
+			{
+				perror("requested chdir failed\n");
+				OBEX_ObjectSetRsp(object, OBEX_RSP_CONTINUE, OBEX_RSP_FORBIDDEN);
+			}
+		}
 	}
 }
 
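Review bot: The new backward branch still lets a client leave the base directory, because `strstr(fullname, init_work_path) == NULL` refuses the step only when the current directory does not contain the base path. When the cwd is exactly `init_work_path` the test passes and `chdir("./..")` moves above it, and a substring match also accepts an unrelated path that merely contains the base string. Compare as a prefix and require the cwd to be strictly deeper: take `size_t n = strlen(init_work_path);` and refuse when `strncmp(fullname, init_work_path, n) != 0 || fullname[n] != '/'` (this assumes `init_work_path` is stored without a trailing slash, which the hunk does not show). In the name branch, `strncat(fullname, name, sizeof(fullname)-1)` bounds the append by the whole buffer rather than the space left after `CUR_DIR`, so a long client-supplied name can overrun `fullname`; assuming `fullname` is an array, the limit should be `sizeof(fullname) - strlen(fullname) - 1`. The enclosing function starts outside the hunk.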