Fix Security Exploit

This commit is contained in:
Jason Booth 2011-06-27 06:57:21 -05:00 committed by FrozenCow
parent 47620fe79e
commit d3b621f90b

View File

@ -6,6 +6,7 @@ import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import org.dynmap.Log;
import org.dynmap.utils.FileLockManager; import org.dynmap.utils.FileLockManager;
import org.dynmap.web.HttpField; import org.dynmap.web.HttpField;
import org.dynmap.web.HttpRequest; import org.dynmap.web.HttpRequest;
@ -23,16 +24,20 @@ public class FilesystemHandler extends FileHandler {
protected InputStream getFileInput(String path, HttpRequest request, HttpResponse response) { protected InputStream getFileInput(String path, HttpRequest request, HttpResponse response) {
File file = new File(root, path); File file = new File(root, path);
FileLockManager.getReadLock(file); FileLockManager.getReadLock(file);
if (file.getAbsolutePath().startsWith(root.getAbsolutePath()) && file.isFile()) { try {
FileInputStream result; if (file.getCanonicalPath().startsWith(root.getAbsolutePath()) && file.isFile()) {
try { FileInputStream result;
result = new FileInputStream(file); try {
} catch (FileNotFoundException e) { result = new FileInputStream(file);
FileLockManager.releaseReadLock(file); } catch (FileNotFoundException e) {
return null; FileLockManager.releaseReadLock(file);
return null;
}
response.fields.put(HttpField.ContentLength, Long.toString(file.length()));
return result;
} }
response.fields.put(HttpField.ContentLength, Long.toString(file.length())); } catch(IOException ex) {
return result; Log.severe("Unable to get canoical path of requested file.", ex);
} }
FileLockManager.releaseReadLock(file); FileLockManager.releaseReadLock(file);
return null; return null;