Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filter special characters from incoming FT filenames #111

Closed
zoff99 opened this issue Nov 4, 2020 · 3 comments
Closed

filter special characters from incoming FT filenames #111

zoff99 opened this issue Nov 4, 2020 · 3 comments

Comments

@zoff99
Copy link

zoff99 commented Nov 4, 2020
edited
Loading

filter '/' and '\' and '..' from incoming filename

toxic/src/chat.c

Line 622 in a86884c

snprintf(file_path, file_path_buf_size, "%s%s", user_settings->download_path, filename);

toxic/src/chat.c

Line 622 in a86884c

snprintf(file_path, file_path_buf_size, "%s%s", user_settings->download_path, filename);

@JFreegman
Copy link
Member

JFreegman commented Nov 5, 2020
edited
Loading

What's wrong with ..? Or do you just mean .. without any other characters?

@JFreegman JFreegman mentioned this issue Nov 5, 2020
Merged
@zoff99
Copy link
Author

zoff99 commented Nov 5, 2020

because when the filename is
'/../../../../../../../../../../../../home/jfreegman/.bashrc'
then not matter what directory you prefix it with, it may write a nice .bashrc in your homedir with some sudo commands in it, if you don't have a .bashrc yet

@JFreegman
Copy link
Member

Ok, that problem is solved by not allowing the / character.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JFreegman @zoff99