author: Joey Hess <joeyh@joeyh.name> 2016-08-28 13:08:06 -0400
committer: Joey Hess <joeyh@joeyh.name> 2016-08-28 13:08:06 -0400
commit: cae083aa1cf6a3d0e009eaa0f6b2cef9311fef61 (patch)
tree: adf5fbfecc2c3ae5292a1e1c4f0228d1221088b0 /Storage
parent: b35b44e0d47abca77107ad689b620c0721412cb6 (diff)
download: keysafe-cae083aa1cf6a3d0e009eaa0f6b2cef9311fef61.tar.gz
belt and suspenders path injection check
This does not seem to be necessary for the HTTP server, because servant parses the StorableObjectIdent out of the query path, so it can't contain `/`. But, what if the HTTP server were running on Windows? Then, `\` could be embedded in the StorableObjectIdent, or perhaps a drive letter, etc. So, best to have a second level of defense against path injection.
Diffstat (limited to 'Storage')
-rw-r--r-- Storage/Local.hs | 5
1 file changed, 4 insertions, 1 deletion
diff --git a/Storage/Local.hs b/Storage/Local.hs
index 510b8ef..e8f6010 100644
--- a/Storage/Local.hs
+++ b/Storage/Local.hs
@@ -120,8 +120,11 @@ shareDir (Section section) = do
u <- getUserEntryForID =<< getEffectiveUserID
return $ homeDirectory u </> dotdir </> section
+-- | The takeFileName ensures that, if the StorableObjectIdent somehow
+-- contains a path (eg starts with "../" or "/"), it is not allowed
+-- to point off outside the shareDir.
shareFile :: StorableObjectIdent -> FilePath
-shareFile i = U8.toString (toByteString i) <> ext
+shareFile i = takeFileName (U8.toString (toByteString i)) <> ext
fromShareFile :: FilePath -> Maybe StorableObjectIdent
fromShareFile f
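Review bot: the new `shareFile` sanitises instead of rejecting, so a malformed ident is silently mapped onto a different file rather than refused: `takeFileName` of `"a/b"` and of `"b"` both produce `"b" <> ext`, `takeFileName ".."` is `".."` (harmless only because `ext` is appended), and an ident of `""` or one ending in a separator (`takeFileName "x/"` is `""`) collapses to bare `ext`. That also breaks the round trip with `fromShareFile` directly below, since `fromShareFile (shareFile i)` no longer recovers `i` for such inputs. If this is meant as defence in depth, consider having the check fail instead, e.g. a `Maybe FilePath` that is `Nothing` when `takeFileName s /= s` (or when the result is empty or `"."`/`".."`), so a caller cannot read or write the wrong object. Note in the comment that `takeFileName` comes from `System.FilePath`, which is platform-specific: on a Windows build it also treats `\` and drive letters as path components, which is what the commit message relies on, whereas a POSIX build only splits on `/`.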