do not allow write snapshot file outside of parent dir (sofastack#490)

* do not allow write snapshot file outside of parent dir * do not allow write snapshot file outside of parent dir * do not allow write snapshot file outside of parent dir
mathdata · Jul 21, 2020 · 5ca7134 · 5ca7134
1 parent 31a9d71
commit 5ca7134
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/...-core/src/main/java/com/alipay/sofa/jraft/storage/snapshot/local/LocalSnapshotCopier.java b/...-core/src/main/java/com/alipay/sofa/jraft/storage/snapshot/local/LocalSnapshotCopier.java
@@ -123,6 +123,9 @@ void copyFile(final String fileName) throws IOException, InterruptedException {
             LOG.info("Skipped downloading {}", fileName);
             return;
         }
+        if (!checkFile(fileName)) {
+            return;
+        }
         final String filePath = this.writer.getPath() + File.separator + fileName;
         final Path subPath = Paths.get(filePath);
         if (!subPath.equals(subPath.getParent()) && !subPath.getParent().getFileName().toString().equals(".")) {
@@ -181,6 +184,28 @@ void copyFile(final String fileName) throws IOException, InterruptedException {
         }
     }
 
+    private boolean checkFile(final String fileName) {
+        try {
+            final String parentCanonicalPath = Paths.get(this.writer.getPath()).toFile().getCanonicalPath();
+            final Path filePath = Paths.get(parentCanonicalPath, fileName);
+            final File file = filePath.toFile();
+            final String fileAbsolutePath = file.getAbsolutePath();
+            final String fileCanonicalPath = file.getCanonicalPath();
+            if (!fileAbsolutePath.equals(fileCanonicalPath)) {
+                LOG.error("File[{}] are not allowed to be created outside of directory[{}].", fileAbsolutePath,
+                    fileCanonicalPath);
+                setError(RaftError.EIO, "File[%s] are not allowed to be created outside of directory.",
+                    fileAbsolutePath, fileCanonicalPath);
+                return false;
+            }
+        } catch (final IOException e) {
+            LOG.error("Failed to check file: {}, writer path: {}.", fileName, this.writer.getPath(), e);
+            setError(RaftError.EIO, "Failed to check file: {}, writer path: {}.", fileName, this.writer.getPath());
+            return false;
+        }
+        return true;
+    }
+
     private void loadMetaTable() throws InterruptedException {
         final ByteBufferCollector metaBuf = ByteBufferCollector.allocate(0);
         Session session = null;