| author | Amar Tumballi <amar@gluster.com> | 2009-07-15 01:38:33 +0000 | 
|---|---|---|
| committer | Anand V. Avati <avati@dev.gluster.com> | 2009-07-16 00:37:33 -0700 | 
| commit | 3ce764351c0cdf01637eb0f19ec9846e91ca3f35 (patch) | |
| tree | 0432a64253b92dd6e01f798cc34eb9255985283a /libglusterfs | |
| parent | 61d9179fd8e884e3ace5b1ffd38f89e5032dbb42 (diff) | |
add strict validation of GF_OPTION_TYPE_PATH option type.
Make sure that users don't provide "../" in the path value in the volume file,
which should be considered a security issue.
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 141 (GF_OPTION_TYPE_PATH should check for presence of ".." in path)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=141
Diffstat (limited to 'libglusterfs')
| -rw-r--r-- | libglusterfs/src/xlator.c | 10 | 
1 files changed, 9 insertions, 1 deletions
diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c index 6f5da84b4c0..351e2434467 100644 --- a/libglusterfs/src/xlator.c +++ b/libglusterfs/src/xlator.c @@ -247,7 +247,15 @@ _volume_option_value_validate (xlator_t *xl,  	switch (opt->type) {  	case GF_OPTION_TYPE_PATH:  	{ -  			/* Make sure the given path is valid */ +                if (strstr (pair->value->data, "../")) { +                        gf_log (xl->name, GF_LOG_ERROR, +                                "invalid path given '%s'", +                                pair->value->data); +                        ret = -1; +                        goto out; +                } + +                /* Make sure the given path is valid */  		if (pair->value->data[0] != '/') {  			gf_log (xl->name, GF_LOG_WARNING,  				"option %s %s: '%s' is not an "  | 
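Review bot: The `strstr (pair->value->data, "../")` test added at the top of the GF_OPTION_TYPE_PATH case is a substring match rather than a path-component check, so it misses a value whose final component is `..` with no trailing slash (a constructed example: `/export/..`), and it also rejects a harmless directory name that merely ends in two dots, such as `data../brick`. The bug title asks for a check on the presence of ".." in the path; splitting the value on '/' and rejecting any component that is exactly ".." would cover both cases. Separately, the new gf_log message prints only the value, while the existing warning just below it uses the form "option %s %s: '%s' is not an ..."; including the option name in the new error in the same way would tell the user which line of the volume file was rejected. A short comment above the new block saying why "../" is refused would also help, since the existing comment "Make sure the given path is valid" now sits below it and describes only the absolute-path check.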
