MCorange/wings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce the egg's file denylist more thoroughly

Browse Source 
Closes pterodactyl/panel#5042
This commit is contained in:
Victor B.
2024-03-25 15:49:34 +01:00
parent 1f77d2256b
commit e7139a9dc9
4 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sftp/handler.go
View File

@@ -79,6 +79,9 @@ func (h *Handler) Fileread(request *sftp.Request) (io.ReaderAt, error) {
}
h.mu.Lock()
defer h.mu.Unlock()
if err := h.fs.IsIgnored(request.Filepath); err != nil {
return nil, err
}
f, _, err := h.fs.File(request.Filepath)
if err != nil {
if !errors.Is(err, os.ErrNotExist) {
@@ -104,6 +107,10 @@ func (h *Handler) Filewrite(request *sftp.Request) (io.WriterAt, error) {
h.mu.Lock()
defer h.mu.Unlock()
if err := h.fs.IsIgnored(request.Filepath); err != nil {
return nil, err
}
// The specific permission required to perform this action. If the file exists on the
// system already it only needs to be an update, otherwise we'll check for a create.
permission := PermissionFileUpdate
@@ -148,6 +155,10 @@ func (h *Handler) Filecmd(request *sftp.Request) error {
l = l.WithField("target", request.Target)
}
if err := h.fs.IsIgnored(request.Filepath); err != nil {
return err
}
switch request.Method {
// Allows a user to make changes to the permissions of a given file or directory
// on their server using their SFTP client.