- fixed problem in filename validation of MMS file services (LIB61850-357)

3 years ago · 87cc983da2
parent 795b6cfba8
commit 87cc983da2
2 changed files with 6 additions and 7 deletions
--- a/src/mms/iso_mms/common/mms_common_msg.c
+++ b/src/mms/iso_mms/common/mms_common_msg.c
@ -573,11 +573,8 @@ mmsMsg_createExtendedFilename(const char* basepath, int bufSize, char* extendedF
 bool
 mmsMsg_isFilenameSave(const char* filename)
 {
-    if (filename) {
-        if (filename[0] == '/' || filename[0] == '\\') {
-            return false;
-        }
-
+    if (filename)
+    {
        if (strstr(filename, ".."))
            return false;

@ -641,7 +638,7 @@ mmsMsg_parseFileName(char* filename, uint8_t* buffer, int* bufPos, int maxBufPos
     * characters.
     */
    if (strstr(filename, "..") != NULL) {
-        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILENAME_SYNTAX_ERROR);
+        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILE_NON_EXISTENT);
        return false;
    }

--- a/src/mms/iso_mms/server/mms_file_service.c
+++ b/src/mms/iso_mms/server/mms_file_service.c
@ -1048,7 +1048,9 @@ createFileDirectoryResponse(const char* basepath, uint32_t invokeId, ByteBuffer*
            continueAfterFileName = NULL;
    }

-    if ((mmsMsg_isFilenameSave(directoryName) == false) || (mmsMsg_isFilenameSave(continueAfterFileName) == false)) {
+    if ((directoryName && mmsMsg_isFilenameSave(directoryName) == false) || 
+        (continueAfterFileName && mmsMsg_isFilenameSave(continueAfterFileName) == false))
+    {
        if (DEBUG_MMS_SERVER)
            printf("MMS_SERVER: remote provided unsave filename -> rejected\n");