Don't allow access through symlinks leading out of the ftp.server serving directory

2010-02-03 15:26:37 -06:00 · 2010-02-03 15:26:37 -06:00 · b0840bc355
parent a3f1f9d1af
commit b0840bc355
1 changed files with 2 additions and 2 deletions
--- a/basis/ftp/server/server.factor
+++ b/basis/ftp/server/server.factor
@ -58,7 +58,7 @@ C: <ftp-disconnect> ftp-disconnect
    send-response ;

 : serving? ( path -- ? )
-    normalize-path server get serving-directory>> head? ;
+    resolve-symlinks server get serving-directory>> head? ;

 : can-serve-directory? ( path -- ? )
    { [ exists? ] [ file-info directory? ] [ serving? ] } 1&& ;
@ -343,7 +343,7 @@ M: ftp-server handle-client* ( server -- )
 : <ftp-server> ( directory port -- server )
    latin1 ftp-server new-threaded-server
        swap >>insecure
-        swap normalize-path >>serving-directory
+        swap resolve-symlinks >>serving-directory
        "ftp.server" >>name
        5 minutes >>timeout ;