[pve-devel] [PATCH storage v6 04/12] ovf: improve and simplify path checking code
Fiona Ebner
f.ebner at proxmox.com
Mon Nov 18 13:25:27 CET 2024
Am 15.11.24 um 16:17 schrieb Dominik Csapak:
> moves the filepath code a bit more closer to where it's actually used
> checks the contained path before trying to find it's absolute path
> properly add error handling to realpath
>
> instead of checking the combined ovf_path + filepath, just make sure
> filepath can't point to anythign besides a file in this directory
> by checking for '.' and '..' (slashes are not allowed in SAFE_CHAR_CLASS_RE)
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner at proxmox.com>
More information about the pve-devel
mailing list