grim/hgkeeper

Deny invalid path

13 months ago, aklitzing
5a19892df841
Deny invalid path

If an authenticated user calls `hg init hg.host.com/dummy/../../../etc`
it will create the repository in another root directory if the process of
hgkeeper has permissions for this.
This could be an attack to the server.

Also hgkeeper admin repository can be overriden like this.
`hg init ssh://hg.host.com/dummy/../hgkeeper/keys`

Reviewed at https://reviews.imfreedom.org/r/2422/
package ssh
import (
"errors"
"io/ioutil"
"path/filepath"
"go.uber.org/zap"
"golang.org/x/crypto/ssh"
)
func (s *Server) setHostKeysPath(hostKeysPath string) error {
files, err := ioutil.ReadDir(hostKeysPath)
if err != nil {
return err
}
found := false
for _, file := range files {
if !file.Mode().IsDir() {
path := filepath.Join(hostKeysPath, file.Name())
data, err := ioutil.ReadFile(path)
if err != nil {
zap.S().Warnf("failed to read %s", path)
continue
}
key, err := ssh.ParsePrivateKey(data)
if err != nil {
zap.S().Warnf("%s is not an ssh private key", path)
continue
}
s.server.AddHostKey(key)
found = true
zap.S().Infof("added host key from %s", path)
}
}
if !found {
return errors.New("failed to find a usable host key")
}
return nil
}