summaryrefslogtreecommitdiffhomepage
path: root/libs
diff options
context:
space:
mode:
authorSteven Barth <steven@midlink.org>2008-08-11 10:43:31 +0000
committerSteven Barth <steven@midlink.org>2008-08-11 10:43:31 +0000
commitf83bb9996b7bd36e8f032e389ad4eb4a3bfe590d (patch)
tree7a4cf8f58582724161791d1b6f268d41a0e57ecd /libs
parent673b4e1698a83c7c045a7dbff062a38740e3c750 (diff)
libs/web: Add additional sanity checks to session mechanism
Diffstat (limited to 'libs')
-rw-r--r--libs/web/luasrc/sauth.lua15
1 files changed, 12 insertions, 3 deletions
diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index d25f287c5a..8182679ce7 100644
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -45,14 +45,16 @@ end
--- Prepare session storage by creating the session directory.
function prepare()
luci.fs.mkdir(sessionpath)
- luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+ if not luci.fs.chmod(sessionpath, "a-rwx,u+rwx") then
+ error("Security Exception: Session path is not sane!")
+ end
end
--- Read a session and return its content.
-- @param id Session identifier
-- @return Session data
function read(id)
- if not id then
+ if not id or not sane() then
return
end
clean()
@@ -60,11 +62,18 @@ function read(id)
end
+--- Check whether Session environment is sane.
+-- @return Boolean status
+function sane()
+ return luci.fs.stat(sessionpath, "mode") == "rwx------"
+end
+
+
--- Write session data to a session file.
-- @param id Session identifier
-- @param data Session data
function write(id, data)
- if not luci.fs.stat(sessionpath) then
+ if not sane() then
prepare()
end
luci.fs.writefile(sessionpath .. "/" .. id, data)