perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Verify folder<->device permission in Request

Browse Source 
Requests from valid devices for valid folders should be rejected if the
folder is not shared with that device.
This commit is contained in:
Jakob Borg
2015-01-16 12:25:54 +01:00
parent 8dc13bcf1a
commit 53cd289b90
2 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/model/model.go
View File

@@ -710,9 +710,14 @@ func (m *Model) Close(device protocol.DeviceID, err error) {
// Request returns the specified data segment by reading it from local disk.
// Implements the protocol.Model interface.
func (m *Model) Request(deviceID protocol.DeviceID, folder, name string, offset int64, size int) ([]byte, error) {
if !m.folderSharedWith(folder, deviceID) {
l.Warnf("Request from %s for file %s in unshared folder %q", deviceID, name, folder)
return nil, ErrNoSuchFile
}
// Verify that the requested file exists in the local model.
m.fmut.RLock()
r, ok := m.folderFiles[folder]
folderFiles, ok := m.folderFiles[folder]
m.fmut.RUnlock()
if !ok {
@@ -720,7 +725,7 @@ func (m *Model) Request(deviceID protocol.DeviceID, folder, name string, offset
return nil, ErrNoSuchFile
}
lf, ok := r.Get(protocol.LocalDeviceID, name)
lf, ok := folderFiles.Get(protocol.LocalDeviceID, name)
if !ok {
return nil, ErrNoSuchFile
}