summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
committerTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
commit22a35c7448599aaa4e6c43d69c3e1c511e1534e3 (patch)
treecc27f87cb7408a0bdaa7728503dbb29fe80e5815
parent131d8583638dd5b44d37c292d99740bde3dcf2b6 (diff)
downloadacf-tcpproxy-22a35c7448599aaa4e6c43d69c3e1c511e1534e3.tar.bz2
acf-tcpproxy-22a35c7448599aaa4e6c43d69c3e1c511e1534e3.tar.xz
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/tcpproxy/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--tcpproxy-model.lua17
1 files changed, 3 insertions, 14 deletions
diff --git a/tcpproxy-model.lua b/tcpproxy-model.lua
index e0e820b..508301f 100644
--- a/tcpproxy-model.lua
+++ b/tcpproxy-model.lua
@@ -201,8 +201,7 @@ function getconfigfile()
end
function setconfigfile(filedetails)
- filedetails.value.filename.value = configfile
- return modelfunctions.setfiledetails(filedetails)
+ return modelfunctions.setfiledetails(filedetails, {configfile})
end
function getsmtpstatus()
@@ -374,21 +373,11 @@ function createsmtpfile(filedetails)
end
function readsmtpfile(filename)
- if validator.is_valid_filename(filename, smtpdirectory) and fs.is_file(filename) then
- return modelfunctions.getfiledetails(filename)
- end
- local retval = modelfunctions.getfiledetails("")
- retval.value.filename.value = filename
- return retval
+ return modelfunctions.getfiledetails(filename, function(filename) return validator.is_valid_filename(filename, smtpdirectory) end)
end
function updatesmtpfile(filedetails)
- if validator.is_valid_filename(filedetails.value.filename.value, smtpdirectory) and fs.is_file(filedetails.value.filename.value) then
- return modelfunctions.setfiledetails(filedetails)
- end
- filedetails.value.filename.errtxt = "Invalid Filename"
- filedetails.errtxt = "Failed to set file"
- return filedetails
+ return modelfunctions.setfiledetails(filedetails, function(filename) return validator.is_valid_filename(filename, smtpdirectory) end)
end
function delsmtpfile(filename)