diff options
Diffstat (limited to 'netfs/daemon/daemonVolume.cpp')
| -rw-r--r-- | netfs/daemon/daemonVolume.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/netfs/daemon/daemonVolume.cpp b/netfs/daemon/daemonVolume.cpp index 087eaf7..7ab8bd1 100644 --- a/netfs/daemon/daemonVolume.cpp +++ b/netfs/daemon/daemonVolume.cpp @@ -12,13 +12,14 @@ #include "lockHelpers.h" #include "modeCheck.h" #include <boost/filesystem/operations.hpp> +#include <boost/algorithm/string/predicate.hpp> #include <entCache.h> #include "daemon.h" extern std::map<Ice::Int, int> files; VolumeServer::VolumeServer(const boost::filesystem::path & r, const EntCache<User> & u, const EntCache<Group> & g) : - root(r), + root(boost::filesystem::canonical(r)), userLookup(u), groupLookup(g) { @@ -326,6 +327,10 @@ boost::filesystem::path VolumeServer::resolvePath(const std::string & path) const { Lock(lock); - return root / path; + auto p((root / path).normalize()); + if (!boost::algorithm::starts_with(p.string(), root.string())) { + throw NetFS::SystemError(EPERM); + } + return p; } |