From b35898028a15cf323a718348725c8e08f6eb77ae Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Mon, 8 Oct 2012 13:09:29 +0200
Subject: [PATCH] backend: Use utils.IsBelowDir instead of local code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

utils.IsBelowDir is actually tested and doesn't allow writes to
β€œβ€¦/queue*”, like the old code here did.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 lib/backend.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/backend.py b/lib/backend.py
index e36fc3629..aafe45649 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -2808,12 +2808,9 @@ def _EnsureJobQueueFile(file_name):
   @raises RPCFail: if the file is not valid
 
   """
-  queue_dir = os.path.normpath(pathutils.QUEUE_DIR)
-  result = (os.path.commonprefix([queue_dir, file_name]) == queue_dir)
-
-  if not result:
+  if not utils.IsBelowDir(pathutils.QUEUE_DIR, file_name):
     _Fail("Passed job queue file '%s' does not belong to"
-          " the queue directory '%s'", file_name, queue_dir)
+          " the queue directory '%s'", file_name, pathutils.QUEUE_DIR)
 
 
 def JobQueueUpdate(file_name, content):
-- 
GitLab