Introduced path sanitizing

1513ea4a · Julian Rother · 1af75a44 · 1513ea4a · 1513ea4a · 1513ea4a
Commit 1513ea4a authored Dec 05, 2017 by Julian Rother
--- a/probe.c
+++ b/probe.c
@@ -75,9 +75,9 @@ int main(int argc, char *argv[])
 	jobid = atoi(argv[1]);
 	if (!strcmp(argv[2], "probe-raw"))
-		path = mprintf("%s/%s", getenv(WORKER_RAW), jstr(jlookup(argv[4], "path"), ""));
+		path = buildpath(getenv(WORKER_RAW), jstr(jlookup(argv[4], "path"), 0));
 	else
-		path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
+		path = buildpath(getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), 0));
 	ping_job(jobid, "running", 0);
 	opts = 0;

--- a/publish_video.c
+++ b/publish_video.c
@@ -13,8 +13,8 @@ int main(int argc, char *argv[])
 	init_env();
 	init_avlogbuf();
 	jobid = atoi(argv[1]);
-	src = mprintf("%s/%s", getenv(WORKER_TMP), jstr(jlookup(argv[4], "source"), ""));
+	src = buildpath(getenv(WORKER_TMP), jstr(jlookup(argv[4], "source"), 0));
-	dest = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
+	dest = buildpath(getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), 0));
 	destdir = dirname(mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), "")));
 	ping_job(jobid, "running", 0);
 	overwrite_check(dest, 0, 0);

--- a/remux.c
+++ b/remux.c
@@ -21,8 +21,8 @@ int main(int argc, char *argv[])
 	av_init_packet(&pkt);
 	jobid = atoi(argv[1]);
-	path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
+	path = buildpath(getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), 0));
-	srcpath = mprintf("%s/%s", getenv(WORKER_RAW), jstr(jlookup(argv[4], "srcpath"), ""));
+	srcpath = buildpath(getenv(WORKER_RAW), jstr(jlookup(argv[4], "srcpath"), 0));
 	tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
 	overwrite_check(path, srcpath, jstr(jlookup(argv[4], "srchash"), ""));
 	ping_job(jobid, "running", 0);

--- a/thumbnail.c
+++ b/thumbnail.c
@@ -37,7 +37,7 @@ int main(int argc, char *argv[])
 	/* Prepare arguments */
 	jobid = atoi(argv[1]);
-	src = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
+	src = buildpath(getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), 0));
 	tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
 	dest = mprintf("%s/thumbnail/l_%s.jpg", getenv(WORKER_RELEASED),
 			jstr(jlookup(argv[4], "lectureid"), "0"));

--- a/transcode.c
+++ b/transcode.c
@@ -270,9 +270,9 @@ int main(int argc, char *argv[])
 	jobid = atoi(argv[1]);
 	input = jlookup(argv[4], "input");
-	inpath = mprintf("%s/%s", getenv(WORKER_RAW), jstr(jlookup(input, "path"), ""));
+	inpath = buildpath(getenv(WORKER_RAW), jstr(jlookup(input, "path"), 0));
 	output = jlookup(argv[4], "output");
-	outpath = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), ""));
+	outpath = buildpath(getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), 0));
 	tmppath = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
 	overwrite_check(outpath, inpath, jstr(jlookup(input, "hash"), ""));

--- a/util.h
+++ b/util.h
@@ -18,6 +18,7 @@ size_t filesize(char *path);
 char *json_fileinfo(char *path);
 void overwrite_check(char *path, char *srcpath, char *srchash);
 int checktime(time_t min);
+char *buildpath(char *root, char *path);
 #define WORKER_APIKEY "WORKER_APIKEY"
 #define WORKER_APIBASE "WORKER_APIBASE"

--- a/util/buildpath.c
+++ b/util/buildpath.c
+#include <stdlib.h>
+#include "../util.h"
+char *buildpath(char *root, char *path)
+{
+	char *tmp;
+	if (!path)
+		job_failed("Cannot build path: Value is empty");
+	if (!(root = realpath(root, 0)))
+		exit(99);
+	tmp = mprintf("%s/%s", root, path);
+	if (!(path = realpath(tmp, 0)))
+		exit(99);
+	free(tmp);
+	if (strncmp(root, path, strlen(root)))
+		job_failed("Cannot build path: Path points out of root directory");
+	free(root);
+	return path;
+}