File-Handling: sanitize filenames.

[citadel.git] / citadel / file_ops.c

diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index a3e8d749859590c8ea035e51a59f9ab010ea71b0..5547c005e0a374c20df9be7a32753111a88c0282 100644 (file)
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -37,11 +37,6 @@
 #include "msgbase.h"
 #include "citserver.h"
 #include "threads.h"
-
-#ifndef HAVE_SNPRINTF
-#include "snprintf.h"
-#endif
-
 #include "ctdl_module.h"
 #include "user_ops.h"
 
@@ -208,6 +203,12 @@ void cmd_open(char *cmdbuf)
                        ERROR + FILE_NOT_FOUND);
                return;
        }
+       if (strstr(filename, "../") != NULL)
+       {
+               cprintf("%d syntax error.\n",
+                       ERROR + ILLEGAL_VALUE);
+               return;
+       }
 
        if (CC->download_fp != NULL) {
                cprintf("%d You already have a download file open.\n",
@@ -289,6 +290,13 @@ void cmd_oimg(char *cmdbuf)
                                filename[a] = '_';
                        }
                }
+               if (strstr(filename, "../") != NULL)
+               {
+                       cprintf("%d syntax error.\n",
+                               ERROR + ILLEGAL_VALUE);
+                       return;
+               }
+
                snprintf(pathname, sizeof pathname,
                                 "%s/%s",
                                 ctdl_image_dir,