Roland Shoemaker has uploaded this change for review.
acme/autocert: properly clean DirCache paths
Don't assume the path passed into the DirCache methods is absolute, and
clean it before further operating on it. Put and Delete are not attacker
controlled, but clean them anyway.
Fixes #53082
Fixes CVE-2022-30636
Change-Id: I755f525a737da60ccba07ebce4d41cc8faebfcca
---
M acme/autocert/cache.go
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/acme/autocert/cache.go b/acme/autocert/cache.go
index 03f6302..3156a08 100644
--- a/acme/autocert/cache.go
+++ b/acme/autocert/cache.go
@@ -41,7 +41,7 @@
// Get reads a certificate data from the specified file name.
func (d DirCache) Get(ctx context.Context, name string) ([]byte, error) {
- name = filepath.Join(string(d), name)
+ name = filepath.Join(string(d), filepath.Clean("/"+name))
var (
data []byte
err error
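Review bot: The rooted-clean expression `filepath.Clean("/"+name)` in Get carries the whole security property of this fix but has no comment, and it is repeated verbatim in the Put hunk (the rename target) and in the Delete hunk. I would move it into one unexported helper, e.g. `func (d DirCache) cachePath(name string) string { return filepath.Join(string(d), filepath.Clean("/"+name)) }`, so the three call sites cannot drift apart when one is edited later. The helper should carry a comment such as `// Rooting name at "/" before Clean collapses ".." elements at the root, so the joined path stays under d.` Get's body continues outside the hunk.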
@@ -82,7 +82,7 @@
case <-ctx.Done():
// Don't overwrite the file if the context was canceled.
default:
- newName := filepath.Join(string(d), name)
+ newName := filepath.Join(string(d), filepath.Clean("/"+name))
err = os.Rename(tmp, newName)
}
}()
@@ -96,7 +96,7 @@
// Delete removes the specified file name.
func (d DirCache) Delete(ctx context.Context, name string) error {
- name = filepath.Join(string(d), name)
+ name = filepath.Join(string(d), filepath.Clean("/"+name))
var (
err error
done = make(chan struct{})
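Review bot: No regression test appears to accompany the cleaned path in Delete (or in Get and Put above), because the diffstat lists only acme/autocert/cache.go; a test may still exist outside this view. A table test over the three methods, using names that contain `..` elements in both `/` and `\` separator forms and asserting that the resulting file stays inside the cache directory, would pin the behaviour on every platform. The containment is also lexical only: `filepath.Clean` does not resolve symlinks, so the guarantee assumes nothing inside the directory links outward, which is worth stating in the DirCache doc comment. Delete's body continues outside the hunk.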
Attention is currently required from: Damien Neil.
Patch set 1:Run-TryBot +1
Attention is currently required from: Roland Shoemaker.
Patch set 1:Code-Review +2
Roland Shoemaker submitted this change.
acme/autocert: properly clean DirCache paths
Don't assume the path passed into the DirCache methods is absolute, and
clean it before further operating on it. Put and Delete are not attacker
controlled, but clean them anyway.
Fixes #53082
Fixes CVE-2022-30636
Change-Id: I755f525a737da60ccba07ebce4d41cc8faebfcca
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/408694
Run-TryBot: Roland Shoemaker <rol...@golang.org>
Reviewed-by: Damien Neil <dn...@google.com>
TryBot-Result: Gopher Robot <go...@golang.org>
---
M acme/autocert/cache.go
1 file changed, 23 insertions(+), 3 deletions(-)