[WebUI] Fix js script dir traversal vulnerability

Normalise the path to find scripts and skip any scripts located outside
of the deluge scripts directory.

Ref: GHSL-2024-188
Issue: https://github.com/deluge-torrent/deluge/security/advisories/GHSA-3mmw-mvr2-44rw
Calum Lind 2024-08-24 20:22:11 +01:00
commit a83f56a8a5
GPG key ID: 90597A687B836BA3


@ -449,8 +449,18 @@ class ScriptResource(resource.Resource, component.Component):
filepath = filepath[0] filepath = filepath[0]
path = filepath + lookup_path[len(pattern) :] path = filepath + lookup_path[len(pattern) :]
path = os.path.abspath(path)
if not os.path.commonpath([path, filepath]) == filepath:
log.warning(
'Script path %s traverses out of common dir %s',
path,
filepath,
)
continue
if not os.path.isfile(path): if not os.path.isfile(path):
log.warning('Unable to serve script which does not exist: %s', path)
continue continue
log.debug('Serving path: %s', path) log.debug('Serving path: %s', path)