From 034b4e826627dddf47ff27278897804e39741e57 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 21 Apr 2010 15:05:59 -0400 Subject: [PATCH] remove verify_src_file Splitting out this function bothered me. It is conceptially similar to file_pruned, and yet also very specific to exactly the security needs of find_src_files. I liked that it got rid of duplicate code in the latter function. So instead, put a helper sub in that, which I think allows refactoring things more cleanly, and with less boilerplate. As to the needs of gen_autofile, I'm not convinced this needs to handle the same set of problems that verify_src_file did. So I sat down and wrote a custom validator for autofiles, which turned out to seem to just need three things: Make sure the candidate filename is not something that would be pruned; untaint the candidate filename; and make sure that srcdir doesn't already have something with its name. (Plus, of course, all the other checks that were already in gen_autofile.) (In passing, also fixed a bunch of bugs I had introduced in this branch.) --- IkiWiki/Render.pm | 115 ++++++++++++++++++++++------------------------ 1 file changed, 55 insertions(+), 60 deletions(-) diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index 03b2910fd..14f6f9d5f 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -281,68 +281,59 @@ sub srcdir_check () { } -sub verify_src_file ($$) { - my $file=shift; - my $dir=shift; - - return if -l $file || -d _; - $file=~s/^\Q$dir\E\/?//; - return if ! length $file; - my $page = pagename($file); - if (! exists $pagesources{$page} && - file_pruned($file)) { - return; - } - - my ($file_untainted) = $file =~ /$config{wiki_file_regexp}/; # untaint - if (! defined $file_untainted) { - warn(sprintf(gettext("skipping bad filename %s"), $file)."\n"); - } - return ($file_untainted, $page); -} - sub find_src_files () { my @files; my %pages; eval q{use File::Find}; error($@) if $@; - find({ - no_chdir => 1, - wanted => sub { - my ($file, $page) = verify_src_file(decode_utf8($_), $config{srcdir}); - if (defined $file) { - push @files, $file; - if ($pages{$page}) { - debug(sprintf(gettext("%s has multiple possible source pages"), $page)); + + my ($page, $dir, $underlay); + my $helper=sub { + my $file=decode_utf8($_); + + return if -l $file || -d _; + $file=~s/^\Q$dir\E\/?//; + return if ! length $file; + $page = pagename($file); + if (! exists $pagesources{$page} && + file_pruned($file)) { + $File::Find::prune=1; + return; + } + + my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint + if (! defined $f) { + warn(sprintf(gettext("skipping bad filename %s"), $file)."\n"); + } + + if ($underlay) { + # avoid underlaydir override attacks; see security.mdwn + if (! -l "$config{srcdir}/$f" && ! -e _) { + if (! $pages{$page}) { + push @files, $f; + $pages{$page}=1; } - $pages{$page}=1; } - else { - $File::Find::prune=1; + } + else { + push @files, $f; + if ($pages{$page}) { + debug(sprintf(gettext("%s has multiple possible source pages"), $page)); } - }, - }, $config{srcdir}); - foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) { + $pages{$page}=1; + } + }; + + find({ + no_chdir => 1, + wanted => $helper, + }, $dir=$config{srcdir}); + $underlay=1; + foreach (@{$config{underlaydirs}}, $config{underlaydir}) { find({ no_chdir => 1, - wanted => sub { - my ($file, $page) = verify_src_file(decode_utf8($_), $dir); - if (defined $file) { - # avoid underlaydir override - # attacks; see security.mdwn - if (! -l "$config{srcdir}/$file" && - ! -e _) { - if (! $pages{$page}) { - push @files, $file; - $pages{$page}=1; - } - } - } - else { - $File::Find::prune=1; - } - }, - }, $dir); + wanted => $helper, + }, $dir=$_); }; return \@files, \%pages; } @@ -691,24 +682,28 @@ sub gen_autofile ($$$) { my $pages=shift; my $del=shift; - if (srcfile($autofile, 1)) { - return 0; + if (srcfile($autofile, 1) || file_pruned($autofile)) { + return; } - - my ($file, $page) = verify_src_file("$config{srcdir}/$autofile", $config{srcdir}); + my $file="$config{srcdir}/$autofile" =~ /$config{wiki_file_regexp}/; # untaint + if (! defined $file || -l $file || -d _ || -e _) { + return; + } + if ((!defined $file) || (exists $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted})) { - return 0; + return; } + my $page = pagename($file); if ($pages->{$page}) { - return 0; + return; } if (grep { $_ eq $file } @$del) { - $wikistate{$autofiles{$autofile}{generator}}{autofile_deleted}=1; - return 0; + $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted}=1; + return; } $autofiles{$autofile}{generator}->(); -- 2.26.2