0001-fixes-6086-CVE-2014-0007-fixed-TFTP-boot-API-remote-.patch
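--- a/lib/proxy/tftp.rb
+++ b/lib/proxy/tftp.rb
@@ -98,15 +98,17 @@
 class << self
 include Proxy::Util
 def fetch_boot_file dst, src
-filename = src.split("/")[-1]
-destination = Pathname.new("#{SETTINGS.tftproot}/#{dst}-#{filename}")
+filename = dst + '-' + src.split("/")[-1]
+destination = Pathname.new(File.absolute_path(filename, SETTINGS.tftproot)).cleanpath
+tftproot = Pathname.new(SETTINGS.tftproot).cleanpath
+raise "TFTP destination outside of tftproot" unless destination.to_s.start_with?(tftproot.to_s)
 
 # Ensure that our image directory exists
 # as the dst might contain another sub directory
 FileUtils.mkdir_p destination.parent
 
 wget = which("wget")
-cmd = "#{wget} --timeout=10 --tries=3 --no-check-certificate -nv -c #{src} -O \"#{destination}\""
+cmd = "#{wget} --timeout=10 --tries=3 --no-check-certificate -nv -c \"#{escape_for_shell(src.to_s)}\" -O \"#{escape_for_shell(destination.to_s)}\""
 CommandTask.new(cmd)
 end
 end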
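Review bot: The containment check `destination.to_s.start_with?(tftproot.to_s)` in `fetch_boot_file` is a plain string-prefix comparison, so a cleaned destination in a sibling directory whose name merely begins with the root's name still passes. Anchor the comparison on a path boundary, e.g. `raise "TFTP destination outside of tftproot" unless destination.to_s.start_with?(tftproot.to_s + File::SEPARATOR)`. `tftproot` is also only `cleanpath`-ed while `destination` is made absolute, so a relative `SETTINGS.tftproot` (the test file stubs `"./some/root"` elsewhere) would apparently make every call raise; building it with `File.absolute_path` too would keep both sides comparable. `cleanpath` is purely lexical, so symlinks below the root are not resolved by this check. On the `cmd` line, whether wrapping `escape_for_shell` output in `\"…\"` is correct depends on that helper, which is not visible here, and a `src` beginning with `-` would still reach wget as an option.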
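--- a/test/tftp_test.rb
+++ b/test/tftp_test.rb
@@ -22,4 +22,21 @@
 SETTINGS.stubs(:tftproot).returns("./some/root")
 assert_equal Pathname.new(__FILE__).join("..", "..", "lib","proxy","some","root").to_s, @tftp.send(:path)
 end
+
+def test_paths_inside_tftp_directory_dont_raise_errors
+SETTINGS.stubs(:tftproot).returns("/some/root")
+Proxy::Util::CommandTask.stubs(:new).returns(true)
+FileUtils.stubs(:mkdir_p).returns(true)
+assert Proxy::TFTP.send(:fetch_boot_file,'/some/root/boot/file','http://localhost/file')
+end
+
+def test_paths_outside_tftp_directory_raise_errors
+SETTINGS.stubs(:tftproot).returns("/some/root")
+Proxy::Util::CommandTask.stubs(:new).returns(true)
+FileUtils.stubs(:mkdir_p).returns(true)
+assert_raises RuntimeError do
+Proxy::TFTP.send(:fetch_boot_file,'/other/root/boot/file','http://localhost/file')
+end
+end
+
 end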
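Review bot: Both new tests pass an absolute `dst`, so the two inputs the new check most needs to cover are untested: a relative `dst` containing `..` segments, and a destination in a sibling directory that shares the root's string prefix. Add an `assert_raises RuntimeError` case for each, for example (constructed values) `Proxy::TFTP.send(:fetch_boot_file,'../outside/file','http://localhost/file')` and a `dst` of `'/some/root2/boot/file'` against the stubbed `/some/root`. The inside-root test only asserts the stubbed return value of `CommandTask.new`; expecting the exact command string with `.with(...)` would also pin the quoting of `src` and the destination.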
26 |
- |