diff options
author | kremlin <ian@kremlin.cc> | 2014-10-14 23:11:13 +0800 |
---|---|---|
committer | kremlin <ian@kremlin.cc> | 2014-10-14 23:11:13 +0800 |
commit | 0b7afeee3bb89a0185de1cb3d9937434f24388d7 (patch) | |
tree | e0fcc548c48569ea08b8b406211112674ac0b37c /src/interfaces/timedated | |
parent | c8a3e18eb82223e010f8adfae4a85b426a101a65 (diff) | |
download | systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar.gz systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar.bz2 systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar.lz systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar.xz systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.tar.zst systembsd-0b7afeee3bb89a0185de1cb3d9937434f24388d7.zip |
prevent directory traversal in setTimezone
Diffstat (limited to 'src/interfaces/timedated')
-rw-r--r-- | src/interfaces/timedated/timedated.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/interfaces/timedated/timedated.c b/src/interfaces/timedated/timedated.c index d4b0dce..8fb1ce5 100644 --- a/src/interfaces/timedated/timedated.c +++ b/src/interfaces/timedated/timedated.c @@ -219,7 +219,11 @@ on_handle_set_timezone(Timedate1 *td1_passed_interf, strlcat(tz_target_path, "/", TZNAME_MAX); strlcat(tz_target_path, proposed_tz, TZNAME_MAX); - g_printf("%s\n", tz_target_path); + if(strstr(tz_target_path, "../")) { + + g_dbus_method_invocation_return_dbus_error(invoc, "org.freedesktop.timedate1.Error.EBADF", "Provided timezone is invalid."); + return FALSE; + } if(!statbuf) return FALSE; @@ -266,7 +270,9 @@ on_handle_set_local_rtc(Timedate1 *td1_passed_interf, GDBusMethodInvocation *invoc, const gchar *greet, gpointer data) { - return FALSE; + + g_dbus_method_invocation_return_dbus_error(invoc, "org.freedesktop.timedate1.Error.ENODEV", "OpenBSD does not support setting the realtime clock in local time, only UTC."); + return TRUE; } static gboolean @@ -324,6 +330,7 @@ our_get_timezone() { return ret; } +/* openbsd does not support setting the RTC to localtime, only UTC */ gboolean our_get_local_rtc() { |