be5104801a919dd2668e935b265b669940c9199a markd Wed Dec 9 22:05:45 2020 -0800 added check for attempting to access outside of gfServer root
diff --git src/gfServer/gfServer.c src/gfServer/gfServer.c
index fc68f96..9e5d6e3 100644
--- src/gfServer/gfServer.c
+++ src/gfServer/gfServer.c
@@ -1,25 +1,26 @@
 /* gfServer - set up an index of the genome in memory and
 * respond to search requests. */
 /* Copyright 2001-2003 Jim Kent. All rights reserved. */
 #include "common.h"
 #include <signal.h>
 #include <stdarg.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <netdb.h>
 #include "portable.h"
+#include "filePath.h"
 #include "net.h"
 #include "dnautil.h"
 #include "dnaseq.h"
 #include "nib.h"
 #include "twoBit.h"
 #include "fa.h"
 #include "dystring.h"
 #include "errAbort.h"
 #include "memalloc.h"
 #include "genoFind.h"
 #include "options.h"
 #include "trans3.h"
 #include "log.h"
 #include "internet.h"
 #include "hash.h"
@@ -1122,30 +1123,35 @@ return gfIdx; } static void dynWarnHandler(char *format, va_list args) /* log error warning and error message, along with printing */ { logErrorVa(format, args); vfprintf(stderr, format, args); fputc('\n', stderr); } static void dynSessionInit(struct dynSession *dynSession, char *rootDir, char *genome, char *genomeDataDir, boolean isTrans) /* Initialize or reinitialize a dynSession object */ { +if ((!isSafeRelativePath(genome)) || (strchr(genome, '/') != NULL)) + errAbort("genome argument can't contain '/' or '..': %s", genome); +if (!isSafeRelativePath(genomeDataDir)) + errAbort("genomeDataDir argument must be a relative path without '..' elements: %s", genomeDataDir); + // will free current content if initialized genoFindIndexFree(&dynSession->gfIdx); hashFree(&dynSession->perSeqMaxHash); time_t startTime = clock1000(); dynSession->isTrans = isTrans; safecpy(dynSession->genome, sizeof(dynSession->genome), genome); // construct path to sequence and index files char seqFileDir[PATH_LEN]; if (genomeDataDir[0] == '/') // abs or relative safecpy(seqFileDir, sizeof(seqFileDir), genomeDataDir); else safef(seqFileDir, sizeof(seqFileDir), "%s/%s", rootDir, genomeDataDir);
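Review bot: The `if (genomeDataDir[0] == '/')` branch at the end of this hunk still copies genomeDataDir into seqFileDir without prefixing rootDir, and its comment `// abs or relative` now contradicts the new guard, whose error message says the argument must be a relative path. If isSafeRelativePath() rejects a leading '/' (its definition is not part of this diff), that branch is dead code; if it does not, an absolute genomeDataDir still resolves outside the gfServer root. Either way I would drop the branch and keep only `safef(seqFileDir, sizeof(seqFileDir), "%s/%s", rootDir, genomeDataDir);`, so that containment under rootDir rests on a single code path and cannot silently reopen if the check is later relaxed. The new check also appears to be purely lexical, so a symlink below rootDir would still be followed; if that is accepted because the operator controls the root, the function comment should say so. dynSessionInit's body continues past the end of the hunk.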