fix PE-63, permissions for temp files

sawka 2023-09-05 21:21:34 -07:00
parent c29c4a9a2d
commit bc488cf242


@ -11,6 +11,7 @@ import (
"errors"
"fmt"
"io"
"io/fs"
"os"
"os/exec"
"path/filepath"
@ -254,6 +255,23 @@ func (m *MServer) reinit(reqId string) {
m.Sender.SendPacket(initPk)
}
func makeTemp(path string, mode fs.FileMode) (*os.File, error) {
dirName := filepath.Dir(path)
baseName := filepath.Base(path)
baseTempName := baseName + ".tmp."
writeFd, err := os.CreateTemp(dirName, baseTempName)
if err != nil {
return nil, err
}
err = writeFd.Chmod(mode)
if err != nil {
writeFd.Close()
os.Remove(writeFd.Name())
return nil, fmt.Errorf("error setting tempfile permissions: %w", err)
}
return writeFd, nil
}
func (m *MServer) writeFile(pk *packet.WriteFilePacketType, wfc *WriteFileContext) {
defer wfc.setDone()
if pk.Path == "" {
@ -262,10 +280,22 @@ func (m *MServer) writeFile(pk *packet.WriteFilePacketType, wfc *WriteFileContex
m.Sender.SendPacket(resp)
return
}
finfo, err := os.Stat(pk.Path)
var finfo fs.FileInfo
var err error
if pk.UseTemp {
finfo, err = os.Lstat(pk.Path)
} else {
finfo, err = os.Stat(pk.Path)
}
if err == nil && finfo.IsDir() {
err = fmt.Errorf("invalid path, cannot write a directory")
}
if err == nil && ((finfo.Mode() & fs.ModeSymlink) != 0) {
err = fmt.Errorf("writefile (with usetemp) does not support symlinks")
}
if err == nil && ((finfo.Mode() & (fs.ModeNamedPipe | fs.ModeSocket | fs.ModeDevice | fs.ModeSetuid | fs.ModeSetgid)) != 0) {
err = fmt.Errorf("writefile does not support special files (named pipes, sockets, devices, setuid, or setgid): mode=%v", finfo.Mode())
}
if err == nil {
writePerm := (finfo.Mode().Perm() & 0o222)
if writePerm == 0 {
@ -295,8 +325,7 @@ func (m *MServer) writeFile(pk *packet.WriteFilePacketType, wfc *WriteFileContex
m.Sender.SendPacket(resp)
return
}
baseName := filepath.Base(pk.Path)
writeFd, err = os.CreateTemp(dirName, baseName+".tmp.")
writeFd, err = makeTemp(pk.Path, finfo.Mode().Perm())
if err != nil {
resp := packet.MakeWriteFileReadyPacket(pk.ReqId)
resp.Error = fmt.Sprintf("write-file could not open tempfile: %v", err)
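Review bot: The special-file test added to writeFile is a denylist of mode bits (`fs.ModeNamedPipe | fs.ModeSocket | fs.ModeDevice | ...`), so a type bit it does not name, such as `fs.ModeIrregular`, still passes. An allowlist is safer: use `if err == nil && !finfo.Mode().IsRegular() {` for the file type and keep a separate test for `fs.ModeSetuid | fs.ModeSetgid`. Separately, the new call `makeTemp(pk.Path, finfo.Mode().Perm())` dereferences finfo; the lines between the hunks are not shown, so if a not-exist error from Lstat is tolerated there to allow creating a new file, finfo would be nil at that call and it would need a guard with a default mode. The checks are also made on the path rather than on an open descriptor, so in the non-temp branch the file could presumably change between `os.Stat` and the open; confirm this against the part of writeFile outside these hunks. makeTemp would also benefit from a doc comment such as `// makeTemp creates a temp file next to path (CreateTemp's owner-only default) and then chmods it to mode; on chmod failure the file is closed and removed.`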