ddidderr/lanspread
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

path validation

Browse Source
This commit is contained in:
ddidderr
2025-11-12 20:42:15 +01:00
parent a8235fe52a
commit d9f8a342e6
3 changed files with 208 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/lanspread-peer/src/peer.rs
+9 -5
View File
@@ -9,6 +9,8 @@ use tokio::{
time::Instant,
};
use crate::path_validation::validate_game_file_path;
async fn stream_file_bytes(
tx: &mut SendStream,
base_dir: &Path,
@@ -17,13 +19,15 @@ async fn stream_file_bytes(
length: Option<u64>,
) -> eyre::Result<()> {
let remote_addr = maybe_addr!(tx.connection().remote_addr());
let game_file = base_dir.join(relative_path);
// Validate the path to prevent directory traversal
let validated_path = validate_game_file_path(base_dir, relative_path)?;
log::debug!(
"{remote_addr} streaming file bytes for peer: {}, offset: {offset}, length: {length:?}",
game_file.display()
validated_path.display()
);
let mut file = tokio::fs::File::open(&game_file).await?;
let mut file = tokio::fs::File::open(&validated_path).await?;
if offset > 0 {
file.seek(std::io::SeekFrom::Start(offset)).await?;
}
@@ -59,7 +63,7 @@ async fn stream_file_bytes(
let mb_per_s = (diff_bytes as f64) / (elapsed.as_secs_f64() * 1_000_000.0);
log::debug!(
"{remote_addr} sending file data: {}, MB/s: {mb_per_s:.2}",
game_file.display()
validated_path.display()
);
last_total_bytes = total_bytes;
timestamp = Instant::now();
@@ -69,7 +73,7 @@ async fn stream_file_bytes(
log::debug!(
"{remote_addr} finished streaming file bytes: {}, total_bytes: {total_bytes}",
game_file.display()
validated_path.display()
);
tx.close().await?;