From 551eda8d060c5bafb8cf4a239e29b4f8b70240bb Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 1 Sep 2010 11:45:32 -0400 Subject: [PATCH] Implement checkInJail() --- src/paths.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/paths.go b/src/paths.go index 195007b..a2677f0 100644 --- a/src/paths.go +++ b/src/paths.go @@ -13,6 +13,7 @@ import ( "container/vector" "os" "path" + "strings" ) var JailRoot string; @@ -22,7 +23,16 @@ func canonicalizePath(raw_path string) string { return path.Clean(raw_path) } -func checkInJail(path string) bool { +func checkInJail(the_path string) bool { + if len(the_path) < len(JailRoot) { + return false + } + if the_path[0:len(JailRoot)] != JailRoot { + return false + } + if strings.Index(the_path, "../") != -1 { + return false + } return true } -- 2.43.5