Fix file traversal issue on incoming file transfers

Fixes CVE-2021-33896
This commit is contained in:
fiaxh 2021-06-07 09:56:25 -06:00
parent 1ac16ecd84
commit 0c8d25b7a3

View file

@ -45,7 +45,18 @@ public class FileTransfer : Object {
} }
} }
public string file_name { get; set; } private string file_name_;
public string file_name {
get { return file_name_; }
set {
file_name_ = Path.get_basename(value);
if (file_name_ == Path.DIR_SEPARATOR_S || file_name_ == ".") {
file_name_ = "unknown filename";
} else if (file_name_.has_prefix(".")) {
file_name_ = "_" + file_name_;
}
}
}
private string? server_file_name_ = null; private string? server_file_name_ = null;
public string server_file_name { public string server_file_name {
get { return server_file_name_ ?? file_name; } get { return server_file_name_ ?? file_name; }