From 87cc983da24f9500251cbd7a3d78f465f9dc9832 Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Fri, 7 Oct 2022 16:58:32 +0100
Subject: [PATCH] - fixed problem in filename validation of MMS file services (LIB61850-357)
---
 src/mms/iso_mms/common/mms_common_msg.c | 9 +++------
 src/mms/iso_mms/server/mms_file_service.c | 4 +++-
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/mms/iso_mms/common/mms_common_msg.c b/src/mms/iso_mms/common/mms_common_msg.c
index 3ba95765..76657334 100644
--- a/src/mms/iso_mms/common/mms_common_msg.c
+++ b/src/mms/iso_mms/common/mms_common_msg.c
@@ -573,11 +573,8 @@ mmsMsg_createExtendedFilename(const char* basepath, int bufSize, char* extendedF
 bool
 mmsMsg_isFilenameSave(const char* filename)
 {
- if (filename) {
- if (filename[0] == '/' || filename[0] == '\\') {
- return false;
- }
-
+ if (filename)
+ {
 if (strstr(filename, ".."))
 return false;

@@ -641,7 +638,7 @@ mmsMsg_parseFileName(char* filename, uint8_t* buffer, int* bufPos, int maxBufPos
 * characters.
 */
 if (strstr(filename, "..") != NULL) {
- mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILENAME_SYNTAX_ERROR);
+ mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILE_NON_EXISTENT);
 return false;
 }

diff --git a/src/mms/iso_mms/server/mms_file_service.c b/src/mms/iso_mms/server/mms_file_service.c
index 0eadc497..ca5d80f7 100644
--- a/src/mms/iso_mms/server/mms_file_service.c
+++ b/src/mms/iso_mms/server/mms_file_service.c
@@ -1048,7 +1048,9 @@ createFileDirectoryResponse(const char* basepath, uint32_t invokeId, ByteBuffer*
 continueAfterFileName = NULL;
 }

- if ((mmsMsg_isFilenameSave(directoryName) == false) || (mmsMsg_isFilenameSave(continueAfterFileName) == false)) {
+ if ((directoryName && mmsMsg_isFilenameSave(directoryName) == false) ||
+ (continueAfterFileName && mmsMsg_isFilenameSave(continueAfterFileName) == false))
+ {
 if (DEBUG_MMS_SERVER)
 printf("MMS_SERVER: remote provided unsave filename -> rejected\n");
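Review bot: With the leading `/` and `\\` rejection removed, `mmsMsg_isFilenameSave` accepts every non-NULL name that lacks `..`, so a name that begins with a path separator now passes validation. That is only safe if every caller resolves the name under the file-store base path before touching the file system (presumably through `mmsMsg_createExtendedFilename`, which this hunk does not show) and if that base path can never be empty. The function carries no comment stating this dependency; I would add one above it, e.g. `/* Leading separators are accepted: the name must always be appended to the file-store base path and never opened as-is. */`. The rest of the function body lies outside the hunk.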
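Review bot: The `strstr(filename, "..")` test in `mmsMsg_parseFileName` repeats the rule that `mmsMsg_isFilenameSave` implements earlier in the same file, so the two validation sites can drift apart the next time one of them is changed. Calling the helper here, `if (mmsMsg_isFilenameSave(filename) == false) {`, would keep a single definition of an acceptable name. Answering with `MMS_ERROR_FILE_FILE_NON_EXISTENT` no longer tells the peer that the name was refused, and nothing is logged on this path either, so a short comment such as `/* rejected names are reported as non-existent on purpose */` would record the intent. The start of the function and of the comment above the check are outside the hunk.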
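Review bot: The new guards in `createFileDirectoryResponse` treat a NULL `directoryName` or `continueAfterFileName` as acceptable, but nothing at the condition says that NULL means "not supplied" rather than "invalid". A comment above the `if`, e.g. `/* NULL = field absent in the request; only names the peer actually sent are validated */`, would keep a later cleanup from folding the NULL test back into the helper, which appears to reject NULL. The debug message also does not say which of the two names was refused, which makes a rejected request harder to trace in server logs. The enclosing block continues past the end of the hunk.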