good morning!!!!

Skip to content
Snippets Groups Projects
Unverified Commit 292cf7c6 authored by Martin Holst Swende's avatar Martin Holst Swende
Browse files

eth: disallow overwrite files via admin.exportChain

parent cc9eb91d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 0 deletions
eth/api.go
+ 5
0
View file @ 292cf7c6
...@@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI { ...@@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI {
// ExportChain exports the current blockchain into a local file. // ExportChain exports the current blockchain into a local file.
func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) { func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) {
if _, err := os.Stat(file); err == nil {
// File already exists. Allowing overwrite could be a DoS vecotor,
// since the 'file' may point to arbitrary paths on the drive
return false, errors.New("location would overwrite an existing file")
}
// Make sure we can create the file to export into // Make sure we can create the file to export into
out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm) out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
if err != nil { if err != nil {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment