From 9a8c35db6b881d979af84f65fe35a01e4f04ef87 Mon Sep 17 00:00:00 2001
From: Uwe Seimet
Date: Wed, 15 Sep 2021 10:57:12 +0200
Subject: [PATCH] Added path check
---
 doc/rasctl.1 | 2 +-
 doc/rasctl_man_page.txt | 4 ++--
 src/raspberrypi/rascsi.cpp | 6 ++++--
 src/raspberrypi/rascsi_interface.proto | 6 +++++-
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/doc/rasctl.1 b/doc/rasctl.1
index 3ae1290a..f0a6d196 100644
--- a/doc/rasctl.1
+++ b/doc/rasctl.1
@@ -29,7 +29,7 @@ Note: The command and type arguments are case insensitive. Only the first letter
 .SH OPTIONS
 .TP
 .BR \-a\fI " "\fIFILENAME:FILESIZE
-Create a disk image file with the specified name and size in bytes.
+Create an image file in the default image folder with the specified name and size in bytes.
 .TP
 .BR \-g\fI " "\fILOG_LEVEL
 Set the rascsi log level (trace, debug, info, warn, err, critical, off).
diff --git a/doc/rasctl_man_page.txt b/doc/rasctl_man_page.txt
index 171e8072..e5ebc652 100644
--- a/doc/rasctl_man_page.txt
+++ b/doc/rasctl_man_page.txt
@@ -22,8 +22,8 @@ DESCRIPTION OPTIONS -a FILENAME:FILESIZE - Create a disk image file with the specified name and size in - bytes. + Create an image file in the default image folder with the speci‐ + fied name and size in bytes. -g LOG_LEVEL Set the rascsi log level (trace, debug, info, warn, err, criti‐
diff --git a/src/raspberrypi/rascsi.cpp b/src/raspberrypi/rascsi.cpp
index cf6eed94..24eec3eb 100644
--- a/src/raspberrypi/rascsi.cpp
+++ b/src/raspberrypi/rascsi.cpp
@@ -712,10 +712,12 @@ bool CreateImage(int fd, const PbCommand& command) } string filename = command.params().Get(0); - if (filename[0] != '/') { - filename = default_image_folder + "/" + filename; + if (filename.find('/') != string::npos) { + return ReturnStatus(fd, false, "The image filename '" + filename + "' must not contain a path"); } + filename = default_image_folder + "/" + filename; + off_t len; try { len = stoul(command.params().Get(1));
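Review bot: The new slash check in CreateImage still accepts an empty name, `.` and `..`, which after the `default_image_folder + "/" + filename` concatenation name the image folder itself or its parent rather than a file inside it. Rejecting them in the same guard keeps the "file inside the default folder" contract explicit: `if (filename.empty() || filename == "." || filename == ".." || filename.find('/') != string::npos) {`. How the later create/open code treats such a path is outside this hunk, so the effect is probably a confusing error rather than a write outside the folder, but that is worth confirming. Separately, the unchanged `len = stoul(...)` stores an unsigned long into `off_t`, so a very large size may wrap on targets with a narrower or signed-overflowing `off_t`; CreateImage starts and ends outside the hunk.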
diff --git a/src/raspberrypi/rascsi_interface.proto b/src/raspberrypi/rascsi_interface.proto
index 666f1471..8d7102bd 100644
--- a/src/raspberrypi/rascsi_interface.proto
+++ b/src/raspberrypi/rascsi_interface.proto
@@ -61,8 +61,12 @@ enum PbOperation {
 RESERVE = 14;
 // Create an image file. The image file must not yet exist.
 // PbCommand.params(0) contains the filename, PbCommand.params(1) contains the file size in bytes.
- // If the filename is relative (does not start with a slash) the file is created in the default image folder.
+ // The filename always refers to the default image folder and must not contain a slash.
 CREATE_IMAGE = 15;
+ // Delete an image file
+ // PbCommand.params(0) contains the filename.
+ // The filename always refers to the default image folder and must not contain a slash.
+ DELETE_IMAGE = 16;
 }
 // The properties supported by a device, helping clients to offer a good user experience
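Review bot: DELETE_IMAGE is published here with a "must not contain a slash" contract, but nothing in this patch enforces it: the only rascsi.cpp hunk is the check inside CreateImage, and the diffstat shows no other server change. A delete operation is the more sensitive of the two for path handling, so the comment should state the current status until the handler lands, for example `// Not yet handled by rascsi; the handler must reject names containing '/' (and "." / "..") before deleting.` If a handler already exists outside this patch, it presumably needs the same guard as CreateImage, ideally through one shared helper so the two checks cannot drift apart.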