public/cache-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check local path boundary

Browse Source
This commit is contained in:
guochao 2024-12-18 17:08:47 +08:00
parent 5359b8b052
commit 1e63315634
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/proxy/main.go
View File

@ -160,6 +160,14 @@ func configFromFile(path string) (*Config, error) {
return nil, err return nil, err
} }
if config.Storage.Local != nil {
localPath, err := filepath.Abs(config.Storage.Local.Path)
if err != nil {
return nil, err
}
config.Storage.Local.Path = localPath
}
return config, nil return config, nil
} }
@ -170,6 +178,10 @@ func (server *Server) handleRequest(w http.ResponseWriter, r *http.Request) {
http.Error(w, err.Error(), http.StatusBadRequest) http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
if !strings.HasPrefix(fullpath, server.Storage.Local.Path) {
http.Error(w, "crossing local directory boundary", http.StatusBadRequest)
return
}
ranged := r.Header.Get("Range") != "" ranged := r.Header.Get("Range") != ""