From 008052179fadd0adcccaf156e3d03361ab753620 Mon Sep 17 00:00:00 2001 From: Jason Booth Date: Mon, 27 Jun 2011 06:57:21 -0500 Subject: [PATCH] Fix Security Exploit --- .../web/handlers/FilesystemHandler.java | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/dynmap/web/handlers/FilesystemHandler.java b/src/main/java/org/dynmap/web/handlers/FilesystemHandler.java index 50a82e25..a9f1ebfa 100644 --- a/src/main/java/org/dynmap/web/handlers/FilesystemHandler.java +++ b/src/main/java/org/dynmap/web/handlers/FilesystemHandler.java @@ -6,6 +6,7 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import org.dynmap.Log; import org.dynmap.utils.FileLockManager; import org.dynmap.web.HttpField; import org.dynmap.web.HttpRequest; @@ -23,16 +24,20 @@ public class FilesystemHandler extends FileHandler { protected InputStream getFileInput(String path, HttpRequest request, HttpResponse response) { File file = new File(root, path); FileLockManager.getReadLock(file); - if (file.getAbsolutePath().startsWith(root.getAbsolutePath()) && file.isFile()) { - FileInputStream result; - try { - result = new FileInputStream(file); - } catch (FileNotFoundException e) { - FileLockManager.releaseReadLock(file); - return null; + try { + if (file.getCanonicalPath().startsWith(root.getAbsolutePath()) && file.isFile()) { + FileInputStream result; + try { + result = new FileInputStream(file); + } catch (FileNotFoundException e) { + FileLockManager.releaseReadLock(file); + return null; + } + response.fields.put(HttpField.ContentLength, Long.toString(file.length())); + return result; } - response.fields.put(HttpField.ContentLength, Long.toString(file.length())); - return result; + } catch(IOException ex) { + Log.severe("Unable to get canoical path of requested file.", ex); } FileLockManager.releaseReadLock(file); return null;