From 759c8de73603135f58ee93395644e9829d3f72c3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 9 Jul 2010 10:23:40 +0000 Subject: [PATCH] naming --- TODO | 3 --- src/fs/fs_download.c | 17 ++++++++++++++++- src/fs/fs_file_information.c | 5 +++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/TODO b/TODO index 843b24bca..b61f4d16d 100644 --- a/TODO +++ b/TODO @@ -17,9 +17,6 @@ - implement testcases - implement performance tests * FS: [CG] - - publishing a directory sets the embedded filename to "empty" - (likely an issue with cutting off everything before '/' in the filename, - which in the case of a directory would leave nothing) - trust: do not charge when "idle" / load considerations (migration, routing) - bound our priorities based on priorities used by other peers - datastore reservation (publishing) diff --git a/src/fs/fs_download.c b/src/fs/fs_download.c index 1ee4355ad..53bad3126 100644 --- a/src/fs/fs_download.c +++ b/src/fs/fs_download.c @@ -702,6 +702,7 @@ trigger_recursive_download (void *cls, char *us; char *ext; char *dn; + char *pos; char *full_name; if (NULL == uri) @@ -722,7 +723,7 @@ trigger_recursive_download (void *cls, fn = NULL; if (NULL == filename) { - fn = GNUNET_FS_meta_data_suggest_filename (meta); + fn = GNUNET_FS_meta_data_suggest_filename (meta); if (fn == NULL) { us = GNUNET_FS_uri_to_string (uri); @@ -741,6 +742,20 @@ trigger_recursive_download (void *cls, GNUNET_free (ext); GNUNET_free (us); } + /* change '\' to '/' (this should have happened + during insertion, but malicious peers may + not have done this) */ + while (NULL != (pos = strstr (fn, "\\"))) + *pos = '/'; + /* remove '../' everywhere (again, well-behaved + peers don't do this, but don't trust that + we did not get something nasty) */ + while (NULL != (pos = strstr (fn, "../"))) + { + pos[0] = '_'; + pos[1] = '_'; + pos[2] = '_'; + } filename = fn; } if (dc->filename == NULL) diff --git a/src/fs/fs_file_information.c b/src/fs/fs_file_information.c index 1973e2bc1..e0403b2ed 100644 --- a/src/fs/fs_file_information.c +++ b/src/fs/fs_file_information.c @@ -612,8 +612,9 @@ GNUNET_FS_file_information_create_from_directory (struct GNUNET_FS_Handle *h, dc.entries = dc.entries->next; } fn = filename; - while (NULL != (ss = strstr (fn, - DIR_SEPARATOR_STR))) + while ( (NULL != (ss = strstr (fn, + DIR_SEPARATOR_STR))) && + (strlen (ss) > 1) ) fn = ss + 1; GNUNET_CONTAINER_meta_data_insert (ret->meta, "", -- 2.25.1