Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check to make sure the target paths are within the allowed mount directory! #2

Open
Maxwell175 opened this issue Dec 23, 2017 · 1 comment
Open

Add check to make sure the target paths are within the allowed mount directory! #2

Maxwell175 opened this issue Dec 23, 2017 · 1 comment
Labels
security

Comments

@Maxwell175
Copy link
Owner

Maxwell175 commented Dec 23, 2017
edited
Loading

Before executing any of the requests make sure that the target path provided by the client doesn't have any gotchas such as an extra trip to the parent directory of the mount point, or worse the root of the actual server's file system.

Obviously, this shouldn't happen unless there is a serious client-side bug (or the client is actually a malicious attacker).
@deepakchethan deepakchethan mentioned this issue Aug 1, 2018
Closed
@deepakchethan deepakchethan mentioned this issue Aug 14, 2018
Merged
@Maxwell175
Copy link
Owner Author

I will complete some more extensive testing before completely closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Maxwell175