0001-fixes-6086-CVE-2014-0007-fixed-TFTP-boot-API-remote-.patch

Greg Sutcliffe, 06/16/2014 11:56 AM


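--- a/lib/proxy/tftp.rb
+++ b/lib/proxy/tftp.rb
@@ -98,15 +98,17 @@
   class << self
     include Proxy::Util
     def fetch_boot_file dst, src
-      filename    = src.split("/")[-1]
-      destination = Pathname.new("#{SETTINGS.tftproot}/#{dst}-#{filename}")
+      filename    = dst + '-' + src.split("/")[-1]
+      destination = Pathname.new(File.absolute_path(filename, SETTINGS.tftproot)).cleanpath
+      tftproot    = Pathname.new(SETTINGS.tftproot).cleanpath
+      raise "TFTP destination outside of tftproot" unless destination.to_s.start_with?(tftproot.to_s)
 
       # Ensure that our image directory exists
       # as the dst might contain another sub directory
       FileUtils.mkdir_p destination.parent
 
       wget = which("wget")
-      cmd = "#{wget} --timeout=10 --tries=3 --no-check-certificate -nv -c #{src} -O \"#{destination}\""
+      cmd = "#{wget} --timeout=10 --tries=3 --no-check-certificate -nv -c \"#{escape_for_shell(src.to_s)}\" -O \"#{escape_for_shell(destination.to_s)}\""
       CommandTask.new(cmd)
     end
   end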
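Review bot: The containment check on new line 104 is a plain string-prefix comparison, so a resolved destination in a sibling directory whose name merely begins with the tftproot string (root `/some/root`, destination under `/some/root-other/`) still passes. Compare against the root plus a separator, and make the root absolute the same way the destination is, since a relative `tftproot` setting would otherwise never match the absolute destination: `tftproot = Pathname.new(File.absolute_path(SETTINGS.tftproot)).cleanpath` and `raise "TFTP destination outside of tftproot" unless destination.to_s.start_with?(tftproot.to_s + File::SEPARATOR)`. `cleanpath` is purely lexical, so a symlink below the root is not resolved by this check. On the `cmd` line, `escape_for_shell` is defined outside this hunk, so confirm that its output composes correctly with the surrounding double quotes. `--no-check-certificate` is still passed, so the fetched boot file is not authenticated by TLS.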
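--- a/test/tftp_test.rb
+++ b/test/tftp_test.rb
@@ -22,4 +22,21 @@
     SETTINGS.stubs(:tftproot).returns("./some/root")
     assert_equal Pathname.new(__FILE__).join("..", "..", "lib","proxy","some","root").to_s, @tftp.send(:path)
   end
+
+  def test_paths_inside_tftp_directory_dont_raise_errors
+    SETTINGS.stubs(:tftproot).returns("/some/root")
+    Proxy::Util::CommandTask.stubs(:new).returns(true)
+    FileUtils.stubs(:mkdir_p).returns(true)
+    assert Proxy::TFTP.send(:fetch_boot_file,'/some/root/boot/file','http://localhost/file')
+  end
+
+  def test_paths_outside_tftp_directory_raise_errors
+    SETTINGS.stubs(:tftproot).returns("/some/root")
+    Proxy::Util::CommandTask.stubs(:new).returns(true)
+    FileUtils.stubs(:mkdir_p).returns(true)
+    assert_raises RuntimeError do
+      Proxy::TFTP.send(:fetch_boot_file,'/other/root/boot/file','http://localhost/file')
+    end
+  end
+
 end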
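Review bot: Both new tests pass an absolute `dst`, so neither covers the two boundary cases the guard exists for: a relative `dst` that climbs out of the root with `..`, and a path in a sibling directory whose name only shares the root's string prefix. I would add a test for both, as below. The second assertion is expected to fail against the prefix check as written in `fetch_boot_file`, which is the regression it is meant to pin. Because `CommandTask.new` is stubbed, the quoting of `src` and `destination` in the wget command is also unverified here; capturing the argument with a mocha expectation would cover it.

```ruby
  def test_paths_escaping_tftp_directory_raise_errors
    SETTINGS.stubs(:tftproot).returns("/some/root")
    Proxy::Util::CommandTask.stubs(:new).returns(true)
    FileUtils.stubs(:mkdir_p).returns(true)
    # relative dst that resolves above the root
    assert_raises RuntimeError do
      Proxy::TFTP.send(:fetch_boot_file,'../outside/boot/file','http://localhost/file')
    end
    # sibling directory that only shares the root's string prefix
    assert_raises RuntimeError do
      Proxy::TFTP.send(:fetch_boot_file,'/some/root-other/boot/file','http://localhost/file')
    end
  end
```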
26
-