author | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-26 10:39:22 +0300 |
---|---|---|
committer | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-26 10:39:22 +0300 |
commit | 5c098e24094bd94699bdb6854b23725b8d286b63 (patch) | |
tree | 65cb5129b73e94e8130e94ca8311ffbfdb44cdbe /internal/domain/domain.go | |
parent | 4e04c013fba8e0c1294904b52bcb2cbaad27cb52 (diff) | |
parent | 936c7421550e11c3271b1603183bac2bd51f27e6 (diff) |
Merge branch 'fix-toctou-1-3' into '1-3-stable'v1.3.11-3-stable
[1.3] Fix TOCTOU race condition when serving files
See merge request gitlab/gitlab-pages!7
Diffstat (limited to 'internal/domain/domain.go')
-rw-r--r-- | internal/domain/domain.go | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/internal/domain/domain.go b/internal/domain/domain.go
index 261707cf..2c4f4e29 100644
--- a/internal/domain/domain.go
+++ b/internal/domain/domain.go
@@ -15,6 +15,8 @@ import (
 	"sync"
 	"time"
 
+	"golang.org/x/sys/unix"
+
 	"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/httputil"
 )
@@ -231,7 +233,7 @@ func (d *D) HasProject(r *http.Request) bool {
 func (d *D) serveFile(w http.ResponseWriter, r *http.Request, origPath string) error {
 	fullPath := handleGZip(w, r, origPath)
 
-	file, err := os.Open(fullPath)
+	file, err := openNoFollow(fullPath)
 	if err != nil {
 		return err
 	}
@@ -257,7 +259,7 @@ func (d *D) serveCustomFile(w http.ResponseWriter, r *http.Request, code int, or
 	fullPath := handleGZip(w, r, origPath)
 
 	// Open and serve content of file
-	file, err := os.Open(fullPath)
+	file, err := openNoFollow(fullPath)
 	if err != nil {
 		return err
 	}
@@ -455,3 +457,7 @@ func (d *D) ServeNotFoundHTTP(w http.ResponseWriter, r *http.Request) {
 func endsWithSlash(path string) bool {
 	return strings.HasSuffix(path, "/")
 }
+
+func openNoFollow(path string) (*os.File, error) {
+	return os.OpenFile(path, os.O_RDONLY|unix.O_NOFOLLOW, 0)
+}
|
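Review bot: openNoFollow in the last hunk carries no doc comment, and the one it needs is the scope of the mitigation: O_NOFOLLOW only refuses a symlink in the final path component, while symlinks in intermediate directories of fullPath are still resolved by the kernel, so the race is narrowed rather than closed wherever a parent directory can be swapped between the path check and the open. Suggested comment above the function: `// openNoFollow opens path read-only and fails (ELOOP) if the final path component is a symlink; symlinks in parent directories are still followed.` A second point for the serveFile and serveCustomFile hunks: a symlink at the final component now surfaces as ELOOP rather than being opened, and os.IsNotExist does not match that error, so the callers that turn the returned err into an HTTP status (outside these hunks) should be checked so a refused symlink yields the intended response rather than a generic 500. The unix.O_NOFOLLOW import also ties this file to Unix builds; if the package is ever built for other targets, the constant would need a build-tagged equivalent.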