Your ROOT_URL in app.ini is https://git.cloudchain.link/ but you are visiting https://dash.bss.nz/open-source-mirrors/jellyfin/commit/f61d18612b2e6c6e9a5dd4510331ac8d89a337d5 You should set ROOT_URL correctly, otherwise the web may not work correctly.
open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix directory traversal in the HlsSegmentController in a fairly rudimentary but working way.

Browse Source 
GHSL-2021-050: Issue 1,2,3 Arbitrary file read and directory traversal.
The segment id's can probably just be verified to be an actual ID or to not contain any forward or backward slashes
pull/5596/head
Erwin de Haan 4 years ago
parent 9360fecb31
commit f61d18612b
1 changed files with 20 additions and 0 deletions

20
Jellyfin.Api/Controllers/HlsSegmentController.cs
Unescape View File

@ -62,6 +62,13 @@ namespace Jellyfin.Api.Controllers
// TODO: Deprecate with new iOS app
var file = segmentId + Path.GetExtension(Request.Path);
file = Path.Combine(_serverConfigurationManager.GetTranscodePath(), file);
var transcodePath = _serverConfigurationManager.GetTranscodePath();
file = Path.GetFullPath(Path.Combine(transcodePath, file));
var fileDir = Path.GetDirectoryName(file);
if (string.IsNullOrEmpty(fileDir) || !fileDir.StartsWith(transcodePath))
{
return BadRequest("Invalid segment.");
}
return FileStreamResponseHelpers.GetStaticFileResult(file, MimeTypes.GetMimeType(file)!, false, HttpContext);
}
@ -82,6 +89,13 @@ namespace Jellyfin.Api.Controllers
{
var file = playlistId + Path.GetExtension(Request.Path);
file = Path.Combine(_serverConfigurationManager.GetTranscodePath(), file);
var transcodePath = _serverConfigurationManager.GetTranscodePath();
file = Path.GetFullPath(Path.Combine(transcodePath, file));
var fileDir = Path.GetDirectoryName(file);
if (string.IsNullOrEmpty(fileDir) || !fileDir.StartsWith(transcodePath) || Path.GetExtension(file) != ".m3u8")
{
return BadRequest("Invalid segment.");
}
return GetFileResult(file, file);
}
@ -131,6 +145,12 @@ namespace Jellyfin.Api.Controllers
var transcodeFolderPath = _serverConfigurationManager.GetTranscodePath();
file = Path.Combine(transcodeFolderPath, file);
file = Path.GetFullPath(Path.Combine(transcodeFolderPath, file));
var fileDir = Path.GetDirectoryName(file);
if (string.IsNullOrEmpty(fileDir) || !fileDir.StartsWith(transcodeFolderPath))
{
return BadRequest("Invalid segment.");
}
var normalizedPlaylistId = playlistId;

Write Preview
Loading…
Cancel
Save