92_FileLog.pm: Fix CVE-2020-19360 (Forum #135959)

git-svn-id: https://svn.fhem.de/fhem/trunk@28210 2b470e98-0d58-463d-a4d8-8e2adae1ed80
2025-04-08 01:14:19 +00:00 · 2023-11-26 09:42:20 +00:00 · 2023-11-26 09:42:20 +00:00 · af3ed45ba9
commit af3ed45ba9
parent d0dcc3c7d7
1 changed files with 5 additions and 0 deletions
--- a/fhem/FHEM/92_FileLog.pm
+++ b/fhem/FHEM/92_FileLog.pm
@ -711,6 +711,11 @@ FileLog_logWrapper($)
    return 0;
  }

+  if($file =~ m,.*/.*([^/]+$),) { # 135959
+    Log 1, "ERROR: FileLog_logWrapper: / not allowed in filename ($file)";
+    return 0;
+  }
+
  if(defined($type) && $type eq "text") {
    $defs{$d}{logfile} =~ m,^(.*)/([^/]*)$,; # Dir and File
    my $path = "$1/$file";