spm

Commit: 5553a36f4dd1bb8749a5200346934686fae3358e
Parent: e0d7a479f757e6b396f2d3d31c7311aa523b533f
Author: Klemens Nanni
Date:   Sat, 22 Apr 2017 01:46:05 +0200

Prevent directory traversals outside of $PASSWORD_STORE_DIR

	$ PASSWORD_STORE_DIR=~/.spm
	$ spm list ../

Above code would list the users home directory due the nature of
relative paths. While preventing this entirely would not only cut useful
functionality but also seems impossible, checking whether the user
provided input eventually resolves into a relative path under spm's
storage root directory can prevent such abuse. The following
demonstrates the new correct behaviour (output redacted):

	$ spm list ..
	Error: Bad traversal
	$ spm list ../.spm; echo $?
	0

Diffstat:
M
spm
 | 
14
+++++++++++++-
M
spm.1
 | 
11
+----------

2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/spm b/spm
@@ -58,6 +58,17 @@ find() {
 	command find "${STORE_DIR}" -type f -o -type l | grep -Gie "${1}"
 }
 
+munge() {
+	abspath="$(readlink -f "${STORE_DIR}"/"${1}")"
+	case "${abspath}" in
+	"${STORE_DIR}"*)
+		eval ${2}=\"${abspath#${STORE_DIR}}\"
+		;;
+	*)
+		usage 'bad traversal'
+	esac
+}
+
 alias view='less -EiKRX'
 
 ## Commands
@@ -109,7 +120,8 @@ add|del|search|show)
 list)
 	[ "${2:-}" = -g ] && gflag=1 && shift 1
 	[ ${#} -gt 2 ] && usage 'too many arguments'
-	list "${2:-}"
+	[ -n "${2:-}" ] && munge "${2}" relpath
+	list "${relpath:-}"
 	;;
 help)
 	usage
diff --git a/spm.1 b/spm.1
@@ -1,4 +1,4 @@
-.Dd March 27, 2017
+.Dd April 21, 2017
 .Dt SPM 1
 .Sh NAME
 .Nm spm
@@ -148,15 +148,6 @@ $ spm show "$(spm search . | dmenu -l 10)"
 .Sh CAVEATS
 Groups have to be deleted manually using
 .Xr rmdir 1 .
-.sp
-Entry paths containing
-.Pa ..
-may allow users to add or list files outside the storage root directory.
-.Bd -literal -offset indent
-$ spm list ..
-/home/kle/alice/.spm/..
-[...]
-.Ed
 .Sh AUTHORS
 .Nm
 is written by