mercurial-scm/hg: mercurial/util.py comparison

Validate paths before reading or writing files in repository or working dir. Fixes security relevant issue134.

author	Thomas Arendsen Hein <thomas@intevation.de>
date	Sat, 04 Mar 2006 19:01:45 +0100
parents	4ced57680ce7
children	d314a89fa4f1

comparison

equal deleted inserted replaced

-:24881eaebee3
+:bdfb524d728a
 hardlink = False
 shutil.copy(src, dst)
 else:
 shutil.copy(src, dst)
-def opener(base):
+def audit_path(path):
+"""Abort if path contains dangerous components"""
+parts = os.path.normcase(path).split(os.sep)
+if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '')
+or os.pardir in parts):
+raise Abort(_("path contains illegal component: %s\n") % path)
+def opener(base, audit=True):
 """
 return a function that opens files relative to base
 this function is used to hide the details of COW semantics and
 remote file access from higher level code.
 """
 p = base
+audit_p = audit
 def mktempcopy(name):
 d, fn = os.path.split(name)
 fd, temp = tempfile.mkstemp(prefix=fn, dir=d)
 fp = os.fdopen(fd, "wb")
 rename(self.temp, self.__name)
 def __del__(self):
 self.close()
 def o(path, mode="r", text=False, atomic=False):
+if audit_p:
+audit_path(path)
 f = os.path.join(p, path)
 if not text:
 mode += "b" # for that other OS

Mercurial > public > mercurial-scm > hg