aboutsummaryrefslogtreecommitdiffstats
path: root/eth
diff options
context:
space:
mode:
authorMartin Holst Swende <martin@swende.se>2019-08-30 16:39:29 +0800
committerMartin Holst Swende <martin@swende.se>2019-08-30 16:39:29 +0800
commit292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d (patch)
tree4f859175a0b3749c13102800ff92c36975ce8cd0 /eth
parentcc9eb91d30a5d4806154b832b9665aecc617b6d8 (diff)
downloadgo-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.gz
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.bz2
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.lz
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.xz
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.zst
go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.zip
eth: disallow overwrite files via admin.exportChain
Diffstat (limited to 'eth')
-rw-r--r--eth/api.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/eth/api.go b/eth/api.go
index 98c2f5874..f8c51c09b 100644
--- a/eth/api.go
+++ b/eth/api.go
@@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI {
// ExportChain exports the current blockchain into a local file.
func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) {
+ if _, err := os.Stat(file); err == nil {
+ // File already exists. Allowing overwrite could be a DoS vecotor,
+ // since the 'file' may point to arbitrary paths on the drive
+ return false, errors.New("location would overwrite an existing file")
+ }
// Make sure we can create the file to export into
out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
if err != nil {