diff options
| author | Martin Holst Swende <martin@swende.se> | 2019-08-30 16:39:29 +0800 |
|---|---|---|
| committer | Martin Holst Swende <martin@swende.se> | 2019-08-30 16:39:29 +0800 |
| commit | 292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d (patch) | |
| tree | 4f859175a0b3749c13102800ff92c36975ce8cd0 /eth | |
| parent | cc9eb91d30a5d4806154b832b9665aecc617b6d8 (diff) | |
| download | go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.gz go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.bz2 go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.lz go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.xz go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.tar.zst go-tangerine-292cf7c649c4fa6cc63ed6a1ae9368d1dc70588d.zip | |
eth: disallow overwrite files via admin.exportChain
Diffstat (limited to 'eth')
| -rw-r--r-- | eth/api.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/eth/api.go b/eth/api.go index 98c2f5874..f8c51c09b 100644 --- a/eth/api.go +++ b/eth/api.go @@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI { // ExportChain exports the current blockchain into a local file. func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) { + if _, err := os.Stat(file); err == nil { + // File already exists. Allowing overwrite could be a DoS vecotor, + // since the 'file' may point to arbitrary paths on the drive + return false, errors.New("location would overwrite an existing file") + } // Make sure we can create the file to export into out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm) if err != nil { |