From c10edc1dfb2f3fcb22bbf731d3677247c24250da Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Sat, 8 Oct 2022 22:14:28 -0500 Subject: [PATCH] Remove redundant checks on symlink and archive commands The tighter file name patterns now exclude ".." name components, so these branches are now dead code. --- gatekeeper.pl | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index bef37b6..00ebe04 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -1241,28 +1241,17 @@ sub read_directive_file { $tainted_val =~ /^($RE_filename_relative)\s+($RE_filename_relative)$/ or fatal("invalid parameters for symlink command: $tainted_val", 1,$directive_file_contents); - my ($target,$link) = ($1,$2); # so far so good - fatal("invalid parameters for symlink command(2): $tainted_val", - 1,$directive_file_contents) - if ($target =~ /\.\./ || $link =~ /\.\./); - $info{"symlink-$target"} = {"link" => $link, "order" => $cnt++}; #ok. + # $1 -- link target $2 -- link name + $info{"symlink-$1"} = {"link" => $2, "order" => $cnt++}; #ok. } elsif ($tainted_cmd =~ /^rmsymlink:?$/i) { $tainted_val =~ /^($RE_filename_relative)$/ or fatal("invalid parameters for rmsymlink command: $tainted_val", 1,$directive_file_contents); - my $val = $1; # so far so good - fatal("invalid parameters for rmsymlink command(2): $tainted_val", - 1,$directive_file_contents) - if ($val =~ /\.\./); $info{"rmsymlink-$1"} = {"order" => $cnt++}; #ok. } elsif ($tainted_cmd =~ /^archive:?$/i) { $tainted_val =~ /^($RE_filename_relative)$/ or fatal("invalid parameters for archive command: $tainted_val", 1,$directive_file_contents); - my $val = $1; # so far so good - fatal("invalid parameters for archive command(2): $tainted_val", - 1,$directive_file_contents) - if ($val =~ /\.\./); $info{"archive-$1"} = {"order" => $cnt++}; #ok. } elsif ($tainted_cmd =~ /^replace:?$/i) { # This command is only supported from v1.2 -- 2.25.1