diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-10 19:16:02 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-10 19:16:02 +0000 |
| commit | f34d588eafb45ad5f39ac0d1e09d297a10a3029a (patch) | |
| tree | 346d34f1e935784b624e2dd3b9b2f599ce5af7b4 /webkit/database | |
| parent | 62dcf31cba5757e978708e3dc8b4deb323a08cc5 (diff) | |
| download | chromium_src-f34d588eafb45ad5f39ac0d1e09d297a10a3029a.zip chromium_src-f34d588eafb45ad5f39ac0d1e09d297a10a3029a.tar.gz chromium_src-f34d588eafb45ad5f39ac0d1e09d297a10a3029a.tar.bz2 | |
Guard against directory traversal due to evil message from compromised
renderer.
TEST=NONE
BUG=29828
Review URL: http://codereview.chromium.org/467061
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34264 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/database')
| -rw-r--r-- | webkit/database/database_util.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/webkit/database/database_util.cc b/webkit/database/database_util.cc index b1ba76a..ae52a5a 100644 --- a/webkit/database/database_util.cc +++ b/webkit/database/database_util.cc @@ -52,6 +52,10 @@ FilePath DatabaseUtil::GetFullFilePathForVfsFile( full_path = FilePath::FromWStringHack( full_path.ToWStringHack() + UTF16ToWide(sqlite_suffix)); } + // Watch out for directory traversal attempts from a compromised renderer. + if (full_path.value().find(FILE_PATH_LITERAL("..")) != + FilePath::StringType::npos) + return FilePath(); return full_path; } |