ambiser
/
btrbk
mirror of https://github.com/digint/btrbk
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

btrbk: disallow newline in files 

While most functionality works fine, raw backups fail to write correct
"FILE=" information in info sidecar.

Disallowing newlines in files is a good idea in general.
pull/504/merge
Axel Burri 2022-11-19 19:31:57 +01:00
parent 87ed9ffeb5
commit 7a4a54db97
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
btrbk
View File

@ -3768,7 +3768,10 @@ sub check_file($$;@)
die("accept_type must contain either 'relative' or 'absolute'"); die("accept_type must contain either 'relative' or 'absolute'");
} }
# check directory traversal if($file =~ /\n/) {
ERROR "Unsupported newline in file ${error_statement}: " . ($file =~ s/\n/\\n/gr) if(defined($error_statement));
return undef;
}
if(($file =~ /^\.\.$/) || ($file =~ /^\.\.\//) || ($file =~ /\/\.\.\//) || ($file =~ /\/\.\.$/)) { if(($file =~ /^\.\.$/) || ($file =~ /^\.\.\//) || ($file =~ /\/\.\.\//) || ($file =~ /\/\.\.$/)) {
ERROR "Illegal directory traversal ${error_statement}: $file" if(defined($error_statement)); ERROR "Illegal directory traversal ${error_statement}: $file" if(defined($error_statement));
return undef; return undef;