bump version for release

Update CHANGELOG.md
server(filesystem): SafePath tweaks
2023-02-08 02:18:39 +00:00 · 2023-02-07 19:15:11 -07:00 · 2023-02-07 19:14:35 -07:00 · 2023-02-06 11:00:25 -07:00 · 2023-02-06 10:25:20 -07:00 · 2023-01-30 18:33:30 -07:00
8 changed files with 62 additions and 47 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 ## v1.11.3
 ### Fixed
 * CVE-2023-25152
 ## v1.11.2
 ### Fixed
 * Backups being restored from remote storage (s3) erroring out due to a closed stream.
 * Fix IP validation logic for activity logs filtering out valid IPs instead of invalid IPs
 ## v1.11.1
 ### Changed
 * Release binaries are now built with Go 1.18.10
@@ -55,6 +64,10 @@
 * Archive progress is now reported correctly.
 * Labels for containers can now be set by the Panel.
 ## v1.7.3
 ### Fixed
 * CVE-2023-25152
 ## v1.7.2
 ### Fixed
 * The S3 backup driver now supports Cloudflare R2
--- a/README.md
+++ b/README.md
@@ -15,14 +15,12 @@ dependencies, and allowing users to authenticate with the same credentials they
 ## Sponsors
-I would like to extend my sincere thanks to the following sponsors for helping find Pterodactyl's developement.
+I would like to extend my sincere thanks to the following sponsors for helping find Pterodactyl's development.
 [Interested in becoming a sponsor?](https://github.com/sponsors/matthewpi)
 | Company                                                   | About                                                                                                                                                                                                                           |
 |-----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | [**WISP**](https://wisp.gg)                               | Extra features.                                                                                                                                                                                                                 |
 | [**Fragnet**](https://fragnet.net)                        | Providing low latency, high-end game hosting solutions to gamers, game studios and eSports platforms.                                                                                                                           |
 | [**RocketNode**](https://rocketnode.com/)                 | Innovative game server hosting combined with a straightforward control panel, affordable prices, and Rocket-Fast support.                                                                                                       |
 | [**Aussie Server Hosts**](https://aussieserverhosts.com/) | No frills Australian Owned and operated High Performance Server hosting for some of the most demanding games serving Australia and New Zealand.                                                                                 |
 | [**BisectHosting**](https://www.bisecthosting.com/)       | BisectHosting provides Minecraft, Valheim and other server hosting services with the highest reliability and lightning fast support since 2012.                                                                                 |
 | [**MineStrator**](https://minestrator.com/)               | Looking for the most highend French hosting company for your minecraft server? More than 24,000 members on our discord trust us. Give us a try!                                                                                 |
@@ -30,6 +28,7 @@ I would like to extend my sincere thanks to the following sponsors for helping f
 | [**VibeGAMES**](https://vibegames.net/)                   | VibeGAMES is a game server provider that specializes in DDOS protection for the games we offer. We have multiple locations in the US, Brazil, France, Germany, Singapore, Australia and South Africa.                           |
 | [**Pterodactyl Market**](https://pterodactylmarket.com/)  | Pterodactyl Market is a one-and-stop shop for Pterodactyl. In our market, you can find Add-ons, Themes, Eggs, and more for Pterodactyl.                                                                                         |
 | [**UltraServers**](https://ultraservers.com/)             | Deploy premium games hosting with the click of a button. Manage and swap games with ease and let us take care of the rest. We currently support Minecraft, Rust, ARK, 7 Days to Die, Garys MOD, CS:GO, Satisfactory and others. |
 | [**Realms Hosting**](https://realmshosting.com/)          | Want to build your Gaming Empire? Use Realms Hosting today to kick start your game server hosting with outstanding DDOS Protection, 24/7 Support, Cheap Prices and a Custom Control Panel.                                      |                                                                                                                                                                                                                                |
 ## Documentation
--- a/internal/cron/activity_cron.go
+++ b/internal/cron/activity_cron.go
@@ -49,7 +49,7 @@ func (ac *activityCron) Run(ctx context.Context) error {
 	for _, v := range activity {
 		// Delete any activity that has an invalid IP address. This is a fix for
 		// a bug that truncated the last octet of an IPv6 address in the database.
-		if err := net.ParseIP(v.IP); err != nil {
+		if ip := net.ParseIP(v.IP); ip == nil {
 			ids = append(ids, v.ID)
 			continue
 		}
--- a/router/router_server_backup.go
+++ b/router/router_server_backup.go
@@ -147,7 +147,6 @@ func postServerRestoreBackup(c *gin.Context) {
 		middleware.CaptureAndAbort(c, err)
 		return
 	}
 	defer res.Body.Close()
 	// Don't allow content types that we know are going to give us problems.
 	if res.Header.Get("Content-Type") == "" || !strings.Contains("application/x-gzip application/gzip", res.Header.Get("Content-Type")) {
 		_ = res.Body.Close()
--- a/server/filesystem/filesystem.go
+++ b/server/filesystem/filesystem.go
@@ -165,7 +165,7 @@ func (fs *Filesystem) Writefile(p string, r io.Reader) error {
 	// Adjust the disk usage to account for the old size and the new size of the file.
 	fs.addDisk(sz - currentSize)
-	return fs.Chown(cleaned)
+	return fs.unsafeChown(cleaned)
 }
 // Creates a new directory (name) at a specified path (p) for the server.
@@ -223,7 +223,12 @@ func (fs *Filesystem) Chown(path string) error {
 	if err != nil {
 		return err
 	}
 	return fs.unsafeChown(cleaned)
 }
 // unsafeChown chowns the given path, without checking if the path is safe. This should only be used
 // when the path has already been checked.
 func (fs *Filesystem) unsafeChown(path string) error {
 	if fs.isTest {
 		return nil
 	}
@@ -232,19 +237,19 @@ func (fs *Filesystem) Chown(path string) error {
 	gid := config.Get().System.User.Gid
 	// Start by just chowning the initial path that we received.
-	if err := os.Chown(cleaned, uid, gid); err != nil {
+	if err := os.Chown(path, uid, gid); err != nil {
 		return errors.Wrap(err, "server/filesystem: chown: failed to chown path")
 	}
 	// If this is not a directory we can now return from the function, there is nothing
 	// left that we need to do.
-	if st, err := os.Stat(cleaned); err != nil || !st.IsDir() {
+	if st, err := os.Stat(path); err != nil || !st.IsDir() {
 		return nil
 	}
 	// If this was a directory, begin walking over its contents recursively and ensure that all
 	// of the subfiles and directories get their permissions updated as well.
-	err = godirwalk.Walk(cleaned, &godirwalk.Options{
+	err := godirwalk.Walk(path, &godirwalk.Options{
 		Unsorted: true,
 		Callback: func(p string, e *godirwalk.Dirent) error {
 			// Do not attempt to chown a symlink. Go's os.Chown function will affect the symlink
@@ -261,7 +266,6 @@ func (fs *Filesystem) Chown(path string) error {
 			return os.Chown(p, uid, gid)
 		},
 	})
 	return errors.Wrap(err, "server/filesystem: chown: failed to chown during walk function")
 }
--- a/server/filesystem/path.go
+++ b/server/filesystem/path.go
@@ -2,6 +2,7 @@ package filesystem
 import (
 	"context"
 	iofs "io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -33,8 +34,6 @@ func (fs *Filesystem) IsIgnored(paths ...string) error {
 // This logic is actually copied over from the SFTP server code. Ideally that eventually
 // either gets ported into this application, or is able to make use of this package.
 func (fs *Filesystem) SafePath(p string) (string, error) {
 	var nonExistentPathResolution string
 	// Start with a cleaned up path before checking the more complex bits.
 	r := fs.unsafeFilePath(p)
@@ -44,47 +43,24 @@ func (fs *Filesystem) SafePath(p string) (string, error) {
 	if err != nil && !os.IsNotExist(err) {
 		return "", errors.Wrap(err, "server/filesystem: failed to evaluate symlink")
 	} else if os.IsNotExist(err) {
-		// The requested directory doesn't exist, so at this point we need to iterate up the
+		// The target of one of the symlinks (EvalSymlinks is recursive) does not exist.
-		// path chain until we hit a directory that _does_ exist and can be validated.
+		// So we get what target path does not exist and check if it's within the data
-		parts := strings.Split(filepath.Dir(r), "/")
+		// directory. If it is, we return the original path, otherwise we return an error.
-
+		pErr, ok := err.(*iofs.PathError)
-		var try string
+		if !ok {
-		// Range over all of the path parts and form directory pathings from the end
+			return "", errors.Wrap(err, "server/filesystem: failed to evaluate symlink")
 		// moving up until we have a valid resolution or we run out of paths to try.
 		for k := range parts {
 			try = strings.Join(parts[:(len(parts)-k)], "/")
 			if !fs.unsafeIsInDataDirectory(try) {
 				break
 		}
-
+		ep = pErr.Path
 			t, err := filepath.EvalSymlinks(try)
 			if err == nil {
 				nonExistentPathResolution = t
 				break
 			}
 		}
 	}
 	// If the new path doesn't start with their root directory there is clearly an escape
 	// attempt going on, and we should NOT resolve this path for them.
 	if nonExistentPathResolution != "" {
 		if !fs.unsafeIsInDataDirectory(nonExistentPathResolution) {
 			return "", NewBadPathResolution(p, nonExistentPathResolution)
 		}
 		// If the nonExistentPathResolution variable is not empty then the initial path requested
 		// did not exist and we looped through the pathway until we found a match. At this point
 		// we've confirmed the first matched pathway exists in the root server directory, so we
 		// can go ahead and just return the path that was requested initially.
 		return r, nil
 	}
 	// If the requested directory from EvalSymlinks begins with the server root directory go
 	// ahead and return it. If not we'll return an error which will block any further action
 	// on the file.
 	if fs.unsafeIsInDataDirectory(ep) {
-		return ep, nil
+		// Returning the original path here instead of the resolved path ensures that
 		// whatever the user is trying to do will work as expected. If we returned the
 		// resolved path, the user would be unable to know that it is in fact a symlink.
 		return r, nil
 	}
 	return "", NewBadPathResolution(p, r)
--- a/server/filesystem/path_test.go
+++ b/server/filesystem/path_test.go
@@ -115,6 +115,14 @@ func TestFilesystem_Blocks_Symlinks(t *testing.T) {
 		panic(err)
 	}
 	if err := os.Symlink(filepath.Join(rfs.root, "malicious_does_not_exist.txt"), filepath.Join(rfs.root, "/server/symlinked_does_not_exist.txt")); err != nil {
 		panic(err)
 	}
 	if err := os.Symlink(filepath.Join(rfs.root, "/server/symlinked_does_not_exist.txt"), filepath.Join(rfs.root, "/server/symlinked_does_not_exist2.txt")); err != nil {
 		panic(err)
 	}
 	if err := os.Symlink(filepath.Join(rfs.root, "/malicious_dir"), filepath.Join(rfs.root, "/server/external_dir")); err != nil {
 		panic(err)
 	}
@@ -128,6 +136,22 @@ func TestFilesystem_Blocks_Symlinks(t *testing.T) {
 			g.Assert(IsErrorCode(err, ErrCodePathResolution)).IsTrue()
 		})
 		g.It("cannot write to a non-existent file symlinked outside the root", func() {
 			r := bytes.NewReader([]byte("testing what the fuck"))
 			err := fs.Writefile("symlinked_does_not_exist.txt", r)
 			g.Assert(err).IsNotNil()
 			g.Assert(IsErrorCode(err, ErrCodePathResolution)).IsTrue()
 		})
 		g.It("cannot write to chained symlinks with target that does not exist outside the root", func() {
 			r := bytes.NewReader([]byte("testing what the fuck"))
 			err := fs.Writefile("symlinked_does_not_exist2.txt", r)
 			g.Assert(err).IsNotNil()
 			g.Assert(IsErrorCode(err, ErrCodePathResolution)).IsTrue()
 		})
 		g.It("cannot write a file to a directory symlinked outside the root", func() {
 			r := bytes.NewReader([]byte("testing"))
--- a/system/const.go
+++ b/system/const.go
@@ -1,3 +1,3 @@
 package system
-var Version = "1.11.1"
+var Version = "1.11.3"
Author	SHA1	Message	Date
Pterodactyl CI	4b012bd659	bump version for release	2023-02-08 02:18:39 +00:00
Matthew Penner	020abec6f2	Update CHANGELOG.md	2023-02-07 19:15:11 -07:00
Matthew Penner	dac9685298	server(filesystem): SafePath tweaks	2023-02-07 19:14:35 -07:00
Matthew Penner	519d38f238	Update README.md	2023-02-06 11:00:25 -07:00
Matthew Penner	1d17233d6d	Update README.md	2023-02-06 10:25:20 -07:00
Matthew Penner	774c0af0b0	Update CHANGELOG.md	2023-01-30 18:33:30 -07:00
Alexander Trost	71fbd9271e	activity: fix ip validity check (#159 )	2023-01-30 09:09:36 -07:00
Matthew Penner	2d640209e5	backup: fix restore erroring due to closed reader	2023-01-29 17:06:49 -07:00
`@@ -1,3 +1,3 @@`
	`package system`	`package system`

	`var Version = "1.11.1"`	`var Version = "1.11.3"`