From: Tomek Mrugalski <tomasz@isc.org>
Date: Thu, 20 Apr 2017 09:56:15 +0000 (+0200)
Subject: [5187] Path checks removed in config-write in libprocess
X-Git-Tag: trac5243x_base~15^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f310c7d20e7abc29a66ec439f38fd6b3c9e4cee8;p=thirdparty%2Fkea.git

[5187] Path checks removed in config-write in libprocess
---

diff --git a/src/lib/process/d_controller.cc b/src/lib/process/d_controller.cc
index 3e05aab24d..b325404638 100644
--- a/src/lib/process/d_controller.cc
+++ b/src/lib/process/d_controller.cc
@@ -446,26 +446,6 @@ DControllerBase::configWriteHandler(const std::string&,
         }
     }
 
-    // Now do the sanity checks on the filename
-    if (filename.find("..") != std::string::npos) {
-        // Trying to escape the directory.. nope.
-        return (createAnswer(COMMAND_ERROR,
-                             "Using '..' in filename is not allowed."));
-    }
-
-    if (filename.find("\\") != std::string::npos) {
-        // Trying to inject escapes (possibly to inject quotes and something
-        // nasty afterward)
-        return (createAnswer(COMMAND_ERROR,
-                             "Using \\ in filename is not allowed."));
-    }
-
-    if (filename[0] == '/') {
-        // Absolute paths are not allowed.
-        return (createAnswer(COMMAND_ERROR,
-                             "Absolute path in filename is not allowed."));
-    }
-
     // Ok, it's time to write the file.
     size_t size = 0;
     try {