Fix a problem where invalid stage config could lead into broken stages

author Michael Friedrich <michael.friedrich@netways.de>

Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)

committer Michael Friedrich <michael.friedrich@netways.de>

Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)
author Michael Friedrich <michael.friedrich@netways.de>
Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)
committer Michael Friedrich <michael.friedrich@netways.de>
Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)
diff --git a/lib/remote/configmoduleutility.cpp b/lib/remote/configmoduleutility.cpp

index b927c87fc4c4510b93a9e3fcd1379ee13e8123a4..feac2bc0a78dbb473cb00fbbf54a3235ca2bbaea 100644 (file)
--- a/lib/remote/configmoduleutility.cpp
+++ b/lib/remote/configmoduleutility.cpp
@@ -84,10 +84,13 @@ String ConfigModuleUtility::CreateStage(const String& moduleName, const Dictiona
         Utility::MkDirP(path, 0700);
         WriteStageConfig(moduleName, stageName);
  
+       bool foundDotDot = false;
         ObjectLock olock(files);
         BOOST_FOREACH(const Dictionary::Pair& kv, files) {
-               if (ContainsDotDot(kv.first))
-                       BOOST_THROW_EXCEPTION(std::invalid_argument("Path must not contain '..'."));
+               if (ContainsDotDot(kv.first)) {
+                       foundDotDot = true;
+                       break;
+               }
  
                 String filePath = path + "/" + kv.first;
  
@@ -101,6 +104,11 @@ String ConfigModuleUtility::CreateStage(const String& moduleName, const Dictiona
                 fp.close();
         }
  
+       if (foundDotDot) {
+               Utility::RemoveDirRecursive(path);
+               BOOST_THROW_EXCEPTION(std::invalid_argument("Path must not contain '..'."));
+       }
+
         return stageName;
  }
author	Michael Friedrich <michael.friedrich@netways.de>
	Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)
committer	Michael Friedrich <michael.friedrich@netways.de>
	Fri, 24 Jul 2015 14:05:13 +0000 (16:05 +0200)