Early paranoia in group name validation.

We will fail malicious paths in openDescriptionFile, but it doesn't harm to be paranoid early.
2024-11-09 18:25:58 +01:00 · 2021-08-24 00:31:46 +02:00 · 2021-08-24 00:31:46 +02:00 · 5beb13b21a
commit 5beb13b21a
parent 0d0a745aa3
2 changed files with 44 additions and 1 deletions
--- a/group/group.go
+++ b/group/group.go
@ -373,8 +373,22 @@ func Add(name string, desc *Description) (*Group, error) {
 	return g, err
 }

+func validGroupName(name string) bool {
+	if filepath.Separator != '/' &&
+		strings.ContainsRune(name, filepath.Separator) {
+		return false
+	}
+
+	s := path.Clean("/" + name)
+	if s == "/" {
+		return false
+	}
+
+	return s == "/"+name
+}
+
 func add(name string, desc *Description) (*Group, []Client, error) {
-	if name == "" || strings.HasSuffix(name, "/") {
+	if !validGroupName(name) {
 		return nil, nil, UserError("illegal group name")
 	}

--- a/group/group_test.go
+++ b/group/group_test.go
@ -245,3 +245,32 @@ func TestFmtpValue(t *testing.T) {
 		}
 	}
 }
+
+func TestValidGroupName(t *testing.T) {
+	type nameTest struct {
+		name   string
+		result bool
+	}
+	tests := []nameTest{
+		{"", false},
+		{"/", false},
+		{"/foo", false},
+		{"foo/", false},
+		{"./foo", false},
+		{"foo/.", false},
+		{"../foo", false},
+		{"foo/..", false},
+		{"foo/./bar", false},
+		{"foo/../bar", false},
+		{"foo", true},
+		{"foo/bar", true},
+	}
+
+	for _, test := range tests {
+		r := validGroupName(test.name)
+		if r != test.result {
+			t.Errorf("Valid %v: got %v, expected %v",
+				test.name, r, test.result)
+		}
+	}
+}