Security fix

author Sapan Bhatia <sapanb@cs.princeton.edu>

Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)

committer Sapan Bhatia <sapanb@cs.princeton.edu>

Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)
author Sapan Bhatia <sapanb@cs.princeton.edu>
Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)
committer Sapan Bhatia <sapanb@cs.princeton.edu>
Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)
diff --git a/exec/umount b/exec/umount

index 3d7fb48..7bde900 100755 (executable)
--- a/exec/umount
+++ b/exec/umount
@@ -7,12 +7,18 @@ my $slice_dir="/vservers/$slicename/";
  my $localpath = <STDIN>;
  
  chomp($localpath);
-$localpath=~s/\.\.//g;
  
  $localpath=$slice_dir.$localpath;
  
-unless($localpath=~/\/?[\w\d]+\/[\w\d]*\/?/) {
-    die("$localpath is not a path");
+my $pathtest;
+
+$pathtest='';
+while ($localpath=~/(\/?[\w\d\-_]+\/?)/g) {
+    $pathtest=$pathtest.$1;
+}
+
+if ($pathtest ne $localpath) {
+    die "$localpath is not a safe path";
  }
  
  my $mntcmd="/bin/umount $localpath";
author	Sapan Bhatia <sapanb@cs.princeton.edu>
	Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)
committer	Sapan Bhatia <sapanb@cs.princeton.edu>
	Mon, 18 May 2009 19:33:19 +0000 (19:33 +0000)