mirror of
https://github.com/filebrowser/filebrowser.git
synced 2026-07-17 16:36:49 +00:00
fix: prevent symlink scope escape in copy/move/rename
Check WithinScope for src and dst in resourcePatchHandler before fileutils.Copy/MoveFile, which follow symlinks and bypassed the stat()/writeFile() guards (GHSA-239w-m3h6-ch8v).
This commit is contained in:
parent
103acd15fe
commit
cdd666fc95
1 changed files with 13 additions and 0 deletions
|
|
@ -228,6 +228,19 @@ func resourcePatchHandler(fileCache FileCache) handleFunc {
|
|||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
// Refuse to copy/move through a symlink that escapes the user's scope,
|
||||
// for either the source (read escape) or the destination (write
|
||||
// escape). fileutils.Copy/MoveFile operate on the raw afero FS and
|
||||
// follow symlinks, so they bypass the guards in stat()/writeFile().
|
||||
for _, p := range []string{src, dst} {
|
||||
if ok, scopeErr := files.WithinScope(d.user.Fs, p); scopeErr != nil || !ok {
|
||||
if scopeErr != nil {
|
||||
return errToStatus(scopeErr), scopeErr
|
||||
}
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
}
|
||||
|
||||
err = checkParent(src, dst)
|
||||
if err != nil {
|
||||
return http.StatusBadRequest, err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue