author | Steven Barth <steven@midlink.org> | 2008-08-11 10:43:31 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-08-11 10:43:31 +0000 |
commit | f83bb9996b7bd36e8f032e389ad4eb4a3bfe590d (patch) | |
tree | 7a4cf8f58582724161791d1b6f268d41a0e57ecd /libs | |
parent | 673b4e1698a83c7c045a7dbff062a38740e3c750 (diff) |
libs/web: Add additional sanity checks to session mechanism
Diffstat (limited to 'libs')
-rw-r--r-- | libs/web/luasrc/sauth.lua | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index d25f287c5a..8182679ce7 100644
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -45,14 +45,16 @@ end
 --- Prepare session storage by creating the session directory.
 function prepare()
 luci.fs.mkdir(sessionpath)
- luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+ if not luci.fs.chmod(sessionpath, "a-rwx,u+rwx") then
+ error("Security Exception: Session path is not sane!")
+ end
 end
 --- Read a session and return its content.
 -- @param id Session identifier
 -- @return Session data
 function read(id)
- if not id then
+ if not id or not sane() then
 return
 end
 clean()
@@ -60,11 +62,18 @@ function read(id)
 end
+--- Check whether Session environment is sane.
+-- @return Boolean status
+function sane()
+ return luci.fs.stat(sessionpath, "mode") == "rwx------"
+end
+
+
 --- Write session data to a session file.
 -- @param id Session identifier
 -- @param data Session data
 function write(id, data)
- if not luci.fs.stat(sessionpath) then
+ if not sane() then
 prepare()
 end
 luci.fs.writefile(sessionpath .. "/" .. id, data) |
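Review bot: In prepare(), the result of `luci.fs.mkdir(sessionpath)` is still ignored, and a chmod that succeeds does not show that the path is a directory this process created; it succeeds equally on an entry that already existed. The new error() therefore fires only when chmod itself fails, so I would also check the mkdir result or re-verify the path after the chmod. Separately, read() now returns nil both for a missing id and for a session directory that fails the check, so an operator cannot tell a tampered directory from a logged-out user; a log line in the `not sane()` branch would make that visible. read()'s body continues outside the hunk.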
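Review bot: sane() compares only the permission string, so an entry with mode `rwx------` that is not a directory, or that belongs to a different user, passes the check. If luci.fs.stat exposes the owner and file type of the underlying stat result (not visible here, so to be confirmed), sane() should compare those as well. In write(), `id` is concatenated into the path with no validation in the visible lines; unless every caller guarantees the format, a guard such as `if not id or not id:match("^%w+$") then return end` (assuming ids are alphanumeric) would keep the write inside sessionpath. There is also a window between the sane() check and luci.fs.writefile in which the directory can change, which is worth a comment. write()'s closing `end` is outside the hunk.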