Disallow use of remote home directories containing .. in their path (CVE-2019-3828) (#52133)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
Matt Martz 2019-02-13 10:38:28 -06:00 committed by GitHub
parent 9f081ca04f
commit b34d141eed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 23 deletions


@ -635,6 +635,9 @@ class ActionBase(with_metaclass(ABCMeta, object)):
else:
expanded = initial_fragment
if '..' in os.path.dirname(expanded).split('/'):
raise AnsibleError("'%s' returned an invalid relative home directory path containing '..'" % self._play_context.remote_addr)
return expanded
def _strip_success_message(self, data):
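Review bot: The new guard `if '..' in os.path.dirname(expanded).split('/'):` never inspects the final path component, because `os.path.dirname` strips it before the split, so a value ending in `..` (constructed example: `/home/user/..`) passes the check. In the `else` branch just above, `expanded` is `initial_fragment` unchanged, and the error message suggests that this is what the remote host returned, so the last component appears to be as untrusted as the rest. Unless a trailing `..` is deliberately tolerated, test every component instead: `if '..' in expanded.split('/'):`. A one-line comment above the check, such as `# home directory is reported by the managed host; reject traversal components before building paths from it`, would record why it is there. The enclosing method starts outside this hunk, so the origin of `initial_fragment` should be confirmed there.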