mirror of
https://github.com/aria2/aria2.git
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Fixed the bug that name attribute of file element in Metalink file is not properly sanitized. * src/Metalink2RequestGroup.cc * src/MetalinkParserController.cc * test/Makefile.am * test/Metalink2RequestGroupTest.cc * test/metalink4-dosdirtraversal.xml
parent
2bcf648102
commit
460ee92644
10
ChangeLog
10
ChangeLog
@ -1,3 +1,13 @@
|
||||
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Fixed the bug that name attribute of file element in Metalink file
|
||||
is not properly sanitized.
|
||||
* src/Metalink2RequestGroup.cc
|
||||
* src/MetalinkParserController.cc
|
||||
* test/Makefile.am
|
||||
* test/Metalink2RequestGroupTest.cc
|
||||
* test/metalink4-dosdirtraversal.xml
|
||||
|
||||
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Fixed the bug that if filename in Content-Disposition header
|
||||
|
@ -290,8 +290,7 @@ Metalink2RequestGroup::createRequestGroup
|
||||
AccumulateNonP2PUri(uris));
|
||||
SharedHandle<FileEntry> fe
|
||||
(new FileEntry
|
||||
(util::applyDir(option->get(PREF_DIR),
|
||||
util::escapePath((*i)->file->getPath())),
|
||||
(util::applyDir(option->get(PREF_DIR), (*i)->file->getPath()),
|
||||
(*i)->file->getLength(), offset, uris));
|
||||
if(option->getAsBool(PREF_METALINK_ENABLE_UNIQUE_PROTOCOL)) {
|
||||
fe->disableSingleHostMultiConnection();
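Review bot: The `FileEntry` construction in `createRequestGroup` now hands `(*i)->file->getPath()` to `util::applyDir` without `util::escapePath`, so this call site is only safe if the path was sanitized when it was stored. The only escaping visible in this commit is in `MetalinkParserController::setFileNameOfEntry`; whether every entry's `file` is filled through that function cannot be confirmed from the hunk. I would record the invariant at the call so a later change does not break it silently: `// getPath() is already sanitized by util::escapePath() in MetalinkParserController::setFileNameOfEntry`. The function body starts and ends outside the hunk.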
|
||||
|
@ -90,7 +90,7 @@ void MetalinkParserController::setFileNameOfEntry(const std::string& filename)
|
||||
std::string path = util::joinPath(elements.begin(), elements.end());
|
||||
|
||||
if(_tEntry->file.isNull()) {
|
||||
_tEntry->file.reset(new FileEntry(path, 0, 0));
|
||||
_tEntry->file.reset(new FileEntry(util::escapePath(path), 0, 0));
|
||||
} else {
|
||||
_tEntry->file->setPath(util::escapePath(path));
|
||||
}
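Review bot: `util::escapePath(path)` is now spelled out separately in the `isNull()` branch and in the `else` branch of `setFileNameOfEntry`, and the defect fixed here was that one of the two branches lacked it. Escaping once where `path` is built keeps the branches from drifting apart again: `std::string path = util::escapePath(util::joinPath(elements.begin(), elements.end()));`, with both branches then passing `path` unchanged. The start of the function, where `elements` is produced, lies outside the hunk, so it is not visible whether anything else in the body needs the unescaped value.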
|
||||
|
@ -252,4 +252,5 @@ EXTRA_DIST = 4096chunk.txt\
|
||||
metalink4.xml\
|
||||
metalink3-dirtraversal.xml\
|
||||
metalink4-groupbymetaurl.xml\
|
||||
serialize_session.meta4
|
||||
serialize_session.meta4\
|
||||
metalink4-dosdirtraversal.xml
|
||||
|
@ -691,7 +691,8 @@ EXTRA_DIST = 4096chunk.txt\
|
||||
metalink4.xml\
|
||||
metalink3-dirtraversal.xml\
|
||||
metalink4-groupbymetaurl.xml\
|
||||
serialize_session.meta4
|
||||
serialize_session.meta4\
|
||||
metalink4-dosdirtraversal.xml
|
||||
|
||||
all: all-am
|
||||
|
||||
|
@ -17,6 +17,7 @@ class Metalink2RequestGroupTest:public CppUnit::TestFixture {
|
||||
CPPUNIT_TEST_SUITE(Metalink2RequestGroupTest);
|
||||
CPPUNIT_TEST(testGenerate);
|
||||
CPPUNIT_TEST(testGenerate_groupByMetaurl);
|
||||
CPPUNIT_TEST(testGenerate_dosDirTraversal);
|
||||
CPPUNIT_TEST_SUITE_END();
|
||||
private:
|
||||
SharedHandle<Option> _option;
|
||||
@ -30,6 +31,7 @@ public:
|
||||
|
||||
void testGenerate();
|
||||
void testGenerate_groupByMetaurl();
|
||||
void testGenerate_dosDirTraversal();
|
||||
};
|
||||
|
||||
|
||||
@ -195,4 +197,29 @@ void Metalink2RequestGroupTest::testGenerate_groupByMetaurl()
|
||||
#endif // !ENABLE_BITTORRENT
|
||||
}
|
||||
|
||||
void Metalink2RequestGroupTest::testGenerate_dosDirTraversal()
|
||||
{
|
||||
#ifdef __MINGW32__
|
||||
#ifdef ENABLE_BITTORRENT
|
||||
std::vector<SharedHandle<RequestGroup> > groups;
|
||||
_option->put(PREF_DIR, "/tmp");
|
||||
Metalink2RequestGroup().generate
|
||||
(groups, "metalink4-dosdirtraversal.xml", _option);
|
||||
CPPUNIT_ASSERT_EQUAL((size_t)3, groups.size());
|
||||
SharedHandle<RequestGroup> rg = groups[0];
|
||||
SharedHandle<FileEntry> file = rg->getDownloadContext()->getFirstFileEntry();
|
||||
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._example.ext"),
|
||||
file->getPath());
|
||||
|
||||
rg = groups[2];
|
||||
file = rg->getDownloadContext()->getFileEntries()[0];
|
||||
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._file1.ext"),
|
||||
file->getPath());
|
||||
file = rg->getDownloadContext()->getFileEntries()[1];
|
||||
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._file2.ext"),
|
||||
file->getPath());
|
||||
#endif // ENABLE_BITTORRENT
|
||||
#endif // __MINGW32__
|
||||
}
|
||||
|
||||
} // namespace aria2
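Review bot: The whole body of `testGenerate_dosDirTraversal` sits inside `#ifdef __MINGW32__` and `#ifdef ENABLE_BITTORRENT`, so on every other build the test is an empty function that passes without touching the sanitization code. The `groups[0]` assertion covers the plain `<url>` entry and looks independent of BitTorrent support, although the `groups.size()` check for 3 presumably is not. At minimum I would say so at the top of the function: `// Only exercised on MinGW builds with BitTorrent enabled; elsewhere this test is compiled out.` An `#else` branch asserting the expected path on non-Windows builds would make a regression visible in ordinary test runs as well.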
|
||||
|
14
test/metalink4-dosdirtraversal.xml
Normal file
14
test/metalink4-dosdirtraversal.xml
Normal file
@ -0,0 +1,14 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<metalink xmlns="urn:ietf:params:xml:ns:metalink">
|
||||
<file name="..\..\example.ext">
|
||||
<url location="fr" priority="1">http://example.com/example.ext</url>
|
||||
</file>
|
||||
<file name="..\..\file1.ext">
|
||||
<size>12345</size>
|
||||
<metaurl mediatype="torrent" name="d/file1.ext">http://example.com/example.torrent</metaurl>
|
||||
</file>
|
||||
<file name="..\..\file2.ext">
|
||||
<size>12345</size>
|
||||
<metaurl mediatype="torrent" name="d/file2.ext">http://example.com/example.torrent</metaurl>
|
||||
</file>
|
||||
</metalink>
|