From 7d74cb691d020ebbbe01c8a19ad4b28fc2d00ee1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9C=E9=99=B6=E9=87=91=E6=B2=9B=E2=80=9D?=
Date: Thu, 8 May 2025 14:45:13 +0800
Subject: [PATCH 1/5] =?UTF-8?q?ai=20alarm:=E4=BD=BF=E7=94=A8=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E8=B7=AF=E5=BE=84=E6=8B=BC=E6=8E=A5=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: “陶金沛”
---
 .../kits/js/src/mod_fs/properties/copy.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/interfaces/kits/js/src/mod_fs/properties/copy.cpp b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
index ba09491ce..bf02b891a 100644
--- a/interfaces/kits/js/src/mod_fs/properties/copy.cpp
+++ b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
@@ -704,6 +704,19 @@ void Copy::CloseNotifyFdLocked(std::shared_ptr infos, std::shared_ptr
 CloseNotifyFd(infos, callback);
 }
+static bool CheckRealPath(string path, string parent)
+{
+ char resolved_path[PATH_MAX];
+ if (realpath(path.c_str(), resolved_path) == NULL) {
+ return;
+ }
+ std::string normalized_path(resolved_path);
+ if (normalized_path.find(parent) != 0) {
+ return;
+ }
+ return true;
+}
+
 tuple Copy::HandleProgress(
 inotify_event *event, std::shared_ptr infos, std::shared_ptr callback)
 {
@@ -717,6 +730,9 @@ tuple Copy::HandleProgress(
 std::string fileName = receivedInfo->path;
 if (!infos->isFile) { // files under subdir
 fileName += "/" + string(event->name);
+ if (!CheckRealPath(fileName, receivedInfo->path)) {
+ return { true, EINVAL, false };
+ }
 if (!CheckFileValid(fileName, infos)) {
 return { true, EINVAL, false };
 }
-- Gitee
From 576fdba4727307b86011e2033ddfe3ea4fa013b5 Mon Sep 17 00:00:00 2001
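Review bot: CheckRealPath is added without any comment stating its contract, and it takes both strings by value although it only reads them. A one-line header such as `// Returns true only if path exists and its canonical form lies under parent.` would tell callers that an unresolvable path also yields false. The signature could be `static bool CheckRealPath(const std::string &path, const std::string &parent)` to avoid two copies per inotify event.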
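Review bot: The canonical path computed inside CheckRealPath is thrown away, and the following `CheckFileValid(fileName, infos)` call still works on the unresolved `fileName`, so the containment result only holds for the instant realpath() ran. If the code after this hunk (not visible here) opens or stats `fileName` again, a directory entry that is replaced in between is not covered; having CheckRealPath hand back the resolved string and using that downstream would close the gap. The new branch also returns the same `{ true, EINVAL, false }` as the CheckFileValid failure with no log line, so an entry that was already removed when the event is handled (realpath() failing) cannot be told apart from a path that resolves outside `receivedInfo->path`. HandleProgress starts and ends outside the hunk.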
From: =?UTF-8?q?=E2=80=9C=E9=99=B6=E9=87=91=E6=B2=9B=E2=80=9D?=
Date: Thu, 8 May 2025 15:59:45 +0800
Subject: [PATCH 2/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=BF=94=E5=9B=9E?= =?UTF-8?q?=E5=80=BC=E5=8F=8A=E8=B7=AF=E5=BE=84=E6=A3=80=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: “陶金沛”
---
 interfaces/kits/js/src/mod_fs/properties/copy.cpp | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/interfaces/kits/js/src/mod_fs/properties/copy.cpp b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
index bf02b891a..498cbda76 100644
--- a/interfaces/kits/js/src/mod_fs/properties/copy.cpp
+++ b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
@@ -708,11 +708,19 @@ static bool CheckRealPath(string path, string parent)
 {
 char resolved_path[PATH_MAX];
 if (realpath(path.c_str(), resolved_path) == NULL) {
- return;
+ return false;
 }
 std::string normalized_path(resolved_path);
- if (normalized_path.find(parent) != 0) {
- return;
+ char resolved_parent[PATH_MAX];
+ if (realpath(parent.c_str(), resolved_parent) == NULL) {
+ return false;
+ }
+ std::string normalized_parent(resolved_parent);
+ if (normalized_parent.back() != '/') {
+ normalized_parent += '/';
+ }
+ if (normalized_path.find(normalized_parent) != 0) {
+ return false;
 }
 return true;
 }
-- Gitee
From 5e128940bbd5a87b9e07d4b37f2cc4a40a6972da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9C=E9=99=B6=E9=87=91=E6=B2=9B=E2=80=9D?=
Date: Thu, 8 May 2025 16:16:22 +0800
Subject: [PATCH 3/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=8F=98=E9=87=8F?= =?UTF-8?q?=E4=B8=BA=E5=B0=8F=E9=A9=BC=E5=B3=B0=E5=BD=A2=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: “陶金沛”
---
 .../kits/js/src/mod_fs/properties/copy.cpp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
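Review bot: The prefix test `normalized_path.find(normalized_parent) != 0` keeps searching the rest of the string when the prefix does not match at offset 0; `normalized_path.compare(0, normalized_parent.size(), normalized_parent) != 0` states the intent directly and stops at the first mismatch. The trailing-slash step deserves a why-comment, for example `// append '/' so that /a/b is not accepted as a parent of /a/bc`, because that is the boundary case this revision closes. The parent is also resolved with realpath() on every call, although it looks like it is the same directory for every event of one watch, so it could be canonicalised once by the caller; that is inferred from the call site in PATCH 1/5 and should be confirmed.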
diff --git a/interfaces/kits/js/src/mod_fs/properties/copy.cpp b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
index 498cbda76..eb99e1098 100644
--- a/interfaces/kits/js/src/mod_fs/properties/copy.cpp
+++ b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
@@ -706,20 +706,20 @@ void Copy::CloseNotifyFdLocked(std::shared_ptr infos, std::shared_ptr
 static bool CheckRealPath(string path, string parent)
 {
- char resolved_path[PATH_MAX];
- if (realpath(path.c_str(), resolved_path) == NULL) {
+ char resolvedPath[PATH_MAX];
+ if (realpath(path.c_str(), resolvedPath) == NULL) {
 return false;
 }
- std::string normalized_path(resolved_path);
- char resolved_parent[PATH_MAX];
- if (realpath(parent.c_str(), resolved_parent) == NULL) {
+ std::string normalizedPath(resolvedPath);
+ char resolvedParent[PATH_MAX];
+ if (realpath(parent.c_str(), resolvedParent) == NULL) {
 return false;
 }
- std::string normalized_parent(resolved_parent);
- if (normalized_parent.back() != '/') {
- normalized_parent += '/';
+ std::string normalizedParent(resolvedParent);
+ if (normalizedParent.back() != '/') {
+ normalizedParent += '/';
 }
- if (normalized_path.find(normalized_parent) != 0) {
+ if (normalizedPath.find(normalizedParent) != 0) {
 return false;
 }
 return true;
-- Gitee
From fe94ba61d82f46aa57cebde1837d42c3c5cff404 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9C=E9=99=B6=E9=87=91=E6=B2=9B=E2=80=9D?=
Date: Thu, 8 May 2025 18:41:37 +0800
Subject: [PATCH 4/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=A9=BA=E6=8C=87?= =?UTF-8?q?=E9=92=88=E5=BD=A2=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: “陶金沛”
---
 interfaces/kits/js/src/mod_fs/properties/copy.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/interfaces/kits/js/src/mod_fs/properties/copy.cpp b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
index eb99e1098..33cd32441 100644
--- a/interfaces/kits/js/src/mod_fs/properties/copy.cpp
+++ b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
@@ -707,12 +707,12 @@ void Copy::CloseNotifyFdLocked(std::shared_ptr infos, std::shared_ptr
 static bool CheckRealPath(string path, string parent)
 {
 char resolvedPath[PATH_MAX];
- if (realpath(path.c_str(), resolvedPath) == NULL) {
+ if (realpath(path.c_str(), resolvedPath) == nullptr) {
 return false;
 }
 std::string normalizedPath(resolvedPath);
 char resolvedParent[PATH_MAX];
- if (realpath(parent.c_str(), resolvedParent) == NULL) {
+ if (realpath(parent.c_str(), resolvedParent) == nullptr) {
 return false;
 }
 std::string normalizedParent(resolvedParent);
-- Gitee
From 45ccda79c9431900f0c88d674057176fb6d720af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9C=E9=99=B6=E9=87=91=E6=B2=9B=E2=80=9D?=
Date: Thu, 8 May 2025 19:52:31 +0800
Subject: [PATCH 5/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: “陶金沛”
---
 interfaces/kits/js/src/mod_fs/properties/copy.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/interfaces/kits/js/src/mod_fs/properties/copy.cpp b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
index 33cd32441..e8c00ccd0 100644
--- a/interfaces/kits/js/src/mod_fs/properties/copy.cpp
+++ b/interfaces/kits/js/src/mod_fs/properties/copy.cpp
@@ -706,12 +706,12 @@ void Copy::CloseNotifyFdLocked(std::shared_ptr infos, std::shared_ptr
 static bool CheckRealPath(string path, string parent)
 {
- char resolvedPath[PATH_MAX];
+ char resolvedPath[PATH_MAX + 1];
 if (realpath(path.c_str(), resolvedPath) == nullptr) {
 return false;
 }
 std::string normalizedPath(resolvedPath);
- char resolvedParent[PATH_MAX];
+ char resolvedParent[PATH_MAX + 1];
 if (realpath(parent.c_str(), resolvedParent) == nullptr) {
 return false;
 }
-- Gitee
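Review bot: Neither the code nor the commit message says why the two buffers grow to `PATH_MAX + 1`. POSIX realpath() stores at most PATH_MAX bytes, terminating null included, in a caller-supplied buffer, so the extra byte is defensive rather than required. A comment such as `// realpath() needs PATH_MAX bytes; the extra byte is a safety margin only` would stop a later reader from assuming an overflow was fixed here. Each call now also puts two buffers of roughly 4 KiB on the stack; passing `nullptr` as the second argument and freeing the returned pointer would avoid the fixed-size arrays. CheckRealPath's body continues past the end of the hunk.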