Add check to make sure the target paths are within the allowed mount directory!
Opened this issue · 1 comments
Maxwell175 commented
Before executing any of the requests make sure that the target path provided by the client doesn't have any gotchas such as an extra trip to the parent directory of the mount point, or worse the root of the actual server's file system.
Obviously, this shouldn't happen unless there is a serious client-side bug (or the client is actually a malicious attacker).
Maxwell175 commented
I will complete some more extensive testing before completely closing this issue.