- fixed problem in filename validation of MMS file services (LIB61850-357)

v1.6_develop_rgoose_sntp
Michael Zillgith 3 years ago
parent 795b6cfba8
commit 87cc983da2

@ -573,11 +573,8 @@ mmsMsg_createExtendedFilename(const char* basepath, int bufSize, char* extendedF
bool bool
mmsMsg_isFilenameSave(const char* filename) mmsMsg_isFilenameSave(const char* filename)
{ {
if (filename) { if (filename)
if (filename[0] == '/' || filename[0] == '\\') { {
return false;
}
if (strstr(filename, "..")) if (strstr(filename, ".."))
return false; return false;
@ -641,7 +638,7 @@ mmsMsg_parseFileName(char* filename, uint8_t* buffer, int* bufPos, int maxBufPos
* characters. * characters.
*/ */
if (strstr(filename, "..") != NULL) { if (strstr(filename, "..") != NULL) {
mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILENAME_SYNTAX_ERROR); mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILE_NON_EXISTENT);
return false; return false;
} }

@ -1048,7 +1048,9 @@ createFileDirectoryResponse(const char* basepath, uint32_t invokeId, ByteBuffer*
continueAfterFileName = NULL; continueAfterFileName = NULL;
} }
if ((mmsMsg_isFilenameSave(directoryName) == false) || (mmsMsg_isFilenameSave(continueAfterFileName) == false)) { if ((directoryName && mmsMsg_isFilenameSave(directoryName) == false) ||
(continueAfterFileName && mmsMsg_isFilenameSave(continueAfterFileName) == false))
{
if (DEBUG_MMS_SERVER) if (DEBUG_MMS_SERVER)
printf("MMS_SERVER: remote provided unsave filename -> rejected\n"); printf("MMS_SERVER: remote provided unsave filename -> rejected\n");
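Review bot: In the first hunk mmsMsg_isFilenameSave stops rejecting names that begin with `/` or `\\`, which leaves the `..` substring test as the only filter on a file name supplied by the remote peer. That is sufficient only if every caller goes on to prefix the name with basepath (mmsMsg_createExtendedFilename appears in the hunk header, but the call sites are not visible here), so the assumption should be written on the function, for example `/* Rejects only ".."; a leading '/' or '\\' is accepted because callers must prepend basepath before any file system access. */`. If any path reaches the file system without that prefix, the removed check should stay. The third hunk now skips validation for NULL names at the call site, presumably because the validator returns false for NULL; the function bodies continue outside all three hunks, so this cannot be confirmed from the page.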
