From 87bac40abbe8ffbeb40987de025f94e59d020a86 Mon Sep 17 00:00:00 2001 From: Jan Date: Wed, 16 Oct 2019 16:54:55 +0200 Subject: [PATCH] fix underflow in copying code (#10264) --- arangod/V8Server/V8DealerFeature.cpp | 22 ++++++++++------------ arangosh/Shell/V8ShellFeature.cpp | 21 ++++++++++----------- 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/arangod/V8Server/V8DealerFeature.cpp b/arangod/V8Server/V8DealerFeature.cpp index 4aed84e94d..d71d89824d 100644 --- a/arangod/V8Server/V8DealerFeature.cpp +++ b/arangod/V8Server/V8DealerFeature.cpp @@ -513,18 +513,16 @@ void V8DealerFeature::copyInstallationFiles() { // don't copy files in .bin return true; } - if (filename.size() >= nodeModulesPath.size()) { - std::string normalized = filename; - FileUtils::normalizePath(normalized); - if ((!nodeModulesPath.empty() && - normalized.size() >= nodeModulesPath.size() && - normalized.substr(normalized.size() - nodeModulesPath.size(), nodeModulesPath.size()) == nodeModulesPath) || - (!nodeModulesPathVersioned.empty() && - normalized.size() >= nodeModulesPathVersioned.size() && - normalized.substr(normalized.size() - nodeModulesPathVersioned.size(), nodeModulesPathVersioned.size()) == nodeModulesPathVersioned)) { - // filter it out! - return true; - } + std::string normalized = filename; + FileUtils::normalizePath(normalized); + if ((!nodeModulesPath.empty() && + normalized.size() >= nodeModulesPath.size() && + normalized.substr(normalized.size() - nodeModulesPath.size(), nodeModulesPath.size()) == nodeModulesPath) || + (!nodeModulesPathVersioned.empty() && + normalized.size() >= nodeModulesPathVersioned.size() && + normalized.substr(normalized.size() - nodeModulesPathVersioned.size(), nodeModulesPathVersioned.size()) == nodeModulesPathVersioned)) { + // filter it out! + return true; } // let the file/directory pass through return false; diff --git a/arangosh/Shell/V8ShellFeature.cpp b/arangosh/Shell/V8ShellFeature.cpp index 71adb4f189..7751fb4218 100644 --- a/arangosh/Shell/V8ShellFeature.cpp +++ b/arangosh/Shell/V8ShellFeature.cpp @@ -288,17 +288,16 @@ void V8ShellFeature::copyInstallationFiles() { return true; } - if (filename.size() >= nodeModulesPath.size()) { - std::string normalized = filename; - FileUtils::normalizePath(normalized); - TRI_ASSERT(filename.size() == normalized.size()); - if (normalized.substr(normalized.size() - nodeModulesPath.size(), - nodeModulesPath.size()) == nodeModulesPath || - normalized.substr(normalized.size() - nodeModulesPathVersioned.size(), - nodeModulesPathVersioned.size()) == nodeModulesPathVersioned) { - // filter it out! - return true; - } + std::string normalized = filename; + FileUtils::normalizePath(normalized); + if ((!nodeModulesPath.empty() && + normalized.size() >= nodeModulesPath.size() && + normalized.substr(normalized.size() - nodeModulesPath.size(), nodeModulesPath.size()) == nodeModulesPath) || + (!nodeModulesPathVersioned.empty() && + normalized.size() >= nodeModulesPathVersioned.size() && + normalized.substr(normalized.size() - nodeModulesPathVersioned.size(), nodeModulesPathVersioned.size()) == nodeModulesPathVersioned)) { + // filter it out! + return true; } // let the file/directory pass through return false;