diff options
| author | jenkins4kodi <jenkins4kodi@users.noreply.github.com> | 2015-11-29 12:25:14 +0100 |
|---|---|---|
| committer | jenkins4kodi <jenkins4kodi@users.noreply.github.com> | 2015-11-29 12:25:14 +0100 |
| commit | c1e538e8bd2936ded91cdb03ad8914412cae6773 (patch) | |
| tree | 4b739872e3276065bfd4b88baff1efa4b66a9328 | |
| parent | b67d1370a614fd028b575fe2e7710cb4770bb57f (diff) | |
| parent | 4e903ffd3803454bdfae37b8fd453906c681e2a6 (diff) | |
Merge pull request #8446 from Memphiz/fix_http_traversal
| -rw-r--r-- | xbmc/network/httprequesthandler/HTTPWebinterfaceHandler.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/xbmc/network/httprequesthandler/HTTPWebinterfaceHandler.cpp b/xbmc/network/httprequesthandler/HTTPWebinterfaceHandler.cpp index 15f51f77a8..652cd966f6 100644 --- a/xbmc/network/httprequesthandler/HTTPWebinterfaceHandler.cpp +++ b/xbmc/network/httprequesthandler/HTTPWebinterfaceHandler.cpp @@ -121,5 +121,12 @@ bool CHTTPWebinterfaceHandler::ResolveAddon(const std::string &url, ADDON::Addon // append the path within the addon to the path of the addon addonPath = URIUtils::AddFileToFolder(addonPath, path); + // ensure that we don't have a directory traversal hack here + // by checking if the resolved absolute path is inside the addon path + std::string realPath = URIUtils::GetRealPath(addonPath); + std::string realAddonPath = URIUtils::GetRealPath(addon->Path()); + if (!URIUtils::IsInPath(realPath, realAddonPath)) + return false; + return true; } |