X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Ffile_ops.c;h=5547c005e0a374c20df9be7a32753111a88c0282;hb=21ab241ce134dfd2dd1520249e569d4b71c6e6e2;hp=ba4c2c3a9c533817a3843ea38e110ec3dae74656;hpb=fe0848e37f43c8857e90ad4235f34d06af5451ae;p=citadel.git
diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index ba4c2c3a9..5547c005e 100644
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -37,11 +37,6 @@
 #include "msgbase.h"
 #include "citserver.h"
 #include "threads.h"
-
-#ifndef HAVE_SNPRINTF
-#include "snprintf.h"
-#endif
-
 #include "ctdl_module.h"
 #include "user_ops.h"
@@ -208,6 +203,12 @@ void cmd_open(char *cmdbuf)
 ERROR + FILE_NOT_FOUND);
 return;
 }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
 if (CC->download_fp != NULL) {
 cprintf("%d You already have a download file open.\n",
@@ -289,6 +290,13 @@ void cmd_oimg(char *cmdbuf)
 filename[a] = '_';
 }
 }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
+
 snprintf(pathname, sizeof pathname,
 "%s/%s",
 ctdl_image_dir,
@@ -588,10 +596,15 @@ void cmd_read(char *cmdbuf)
 long start_pos;
 size_t bytes;
 char buf[SIZ];
+ int rc;
 /* The client will transmit its requested offset and byte count */
 start_pos = extract_long(cmdbuf, 0);
 bytes = extract_int(cmdbuf, 1);
+ if ((start_pos < 0) || (bytes <= 0)) {
+ cprintf("%d you have to specify a value > 0.\n", ERROR + ILLEGAL_VALUE);
+ return;
+ }
 if (CC->download_fp == NULL) {
 cprintf("%d You don't have a download file open.\n",
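Review bot: The added `strstr(filename, "../")` check in cmd_open rejects only that three-character sequence, so a name that is exactly `..` passes and still names the parent directory once it is joined with a `/` in the path built later (outside this hunk); the same check is copied into cmd_oimg in the hunk at `@@ -289`. In cmd_oimg it also runs after the loop that rewrites characters of `filename` — if that loop (its condition is outside the hunk) already replaces `/`, the substring can never be found there and the test is dead rather than wrong. Rejecting any `..` instead of `../` closes the gap in both places: `if (strstr(filename, "..") != NULL)`; stricter still would be an allow-list of filename characters applied in the rewrite loop the file already has. cmd_open's body continues outside the hunk on both sides.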
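Review bot: `bytes` is declared `size_t` (three lines above the new guard in cmd_read), so `(bytes <= 0)` only rejects a count of zero; a negative value returned by `extract_int` has already wrapped to a large unsigned value by the time the comparison runs, and is then silently clamped to `sizeof(buf)` further down (the clamp is the first context line of the next hunk). Reading the count into a signed local before the check keeps the intent: `int want = extract_int(cmdbuf, 1);` `if ((start_pos < 0) || (want <= 0)) { ... }` `bytes = (size_t)want;`. The error text `you have to specify a value > 0` is also slightly off for the offset, since a `start_pos` of 0 is accepted; `offset must be >= 0 and count > 0` says what the guard does. cmd_read's body continues past the hunk.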
@@ -604,7 +617,16 @@ void cmd_read(char *cmdbuf)
 bytes = sizeof(buf);
 }
- fseek(CC->download_fp, start_pos, 0);
+ rc = fseek(CC->download_fp, start_pos, 0);
+ if (rc < 0) {
+ cprintf("%d your file is smaller then %ld.\n", ERROR + ILLEGAL_VALUE, start_pos);
+ syslog(LOG_ALERT, "your file %s is smaller then %ld. [%s]\n",
+ CC->upl_path,
+ start_pos,
+ strerror(errno));
+
+ return;
+ }
 bytes = fread(buf, 1, bytes, CC->download_fp);
 if (bytes > 0) {
 /* Tell the client the actual byte count and transmit it */
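Review bot: The new error branch is worded as "the file is shorter than `start_pos`", but on a regular file `fseek()` past the end succeeds, so that case never reaches it — the following `fread()` simply returns 0 and the client gets an empty transfer; the branch only fires for genuine seek failures. `fseek()` is specified to return non-zero on failure, so `if (rc != 0) {` is the portable test, and the client and syslog strings should then say `seek to %ld failed` rather than `your file is smaller then %ld` (also "than"). `LOG_ALERT` is a high severity for a condition any client can trigger with a bad offset — `LOG_WARNING` is enough — and `CC->upl_path` looks like the upload path rather than the file behind `download_fp`, which is worth confirming before it is logged as that file. If a real too-short check is wanted, compare `start_pos` with the size from `fstat(fileno(CC->download_fp), &st)` before seeking. cmd_read continues outside the hunk on both sides.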