Don't allow path traversal paths on the base file helpers

This forces explicit normalization of paths and make path escaping security bugs much harder to exploit. See for example bug 167122 BUG=168890 TEST=included tests Review URL: https://codereview.chromium.org/11782005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175642 0039d316-1c4b-4281-b951-d872f2087c98
author: cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-01-09 00:38:59 +0000
committer: cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-01-09 00:38:59 +0000
commit: 9fea5a9b229b6a114629c8787f614b2e9f1048fc (patch)
tree: a7c6e2a2fcf047e7951cf33e96047f0d511e8655 /base/file_util.cc
parent: c79ca045d5c7e03eb5d9bd7e6bd42fff6cf169fb (diff)
download: chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.zip
chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.tar.gz
chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/base/file_util.cc b/base/file_util.cc
index effee8a..7efb22b 100644
--- a/base/file_util.cc
+++ b/base/file_util.cc
@@ -152,6 +152,8 @@ bool TextContentsEqual(const FilePath& filename1, const FilePath& filename2) {
 }
 
 bool ReadFileToString(const FilePath& path, std::string* contents) {
+  if (path.ReferencesParent())
+    return false;
   FILE* file = OpenFile(path, "rb");
   if (!file) {
     return false;
author	cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-01-09 00:38:59 +0000
committer	cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-01-09 00:38:59 +0000
commit	9fea5a9b229b6a114629c8787f614b2e9f1048fc (patch)
tree	a7c6e2a2fcf047e7951cf33e96047f0d511e8655 /base/file_util.cc
parent	c79ca045d5c7e03eb5d9bd7e6bd42fff6cf169fb (diff)
download	chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.zip chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.tar.gz chromium_src-9fea5a9b229b6a114629c8787f614b2e9f1048fc.tar.bz2