eth: disallow overwrite files via admin.exportChain
This commit is contained in:
parent
cc9eb91d30
commit
292cf7c649
@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI {
|
|||||||
|
|
||||||
// ExportChain exports the current blockchain into a local file.
|
// ExportChain exports the current blockchain into a local file.
|
||||||
func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) {
|
func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) {
|
||||||
|
if _, err := os.Stat(file); err == nil {
|
||||||
|
// File already exists. Allowing overwrite could be a DoS vecotor,
|
||||||
|
// since the 'file' may point to arbitrary paths on the drive
|
||||||
|
return false, errors.New("location would overwrite an existing file")
|
||||||
|
}
|
||||||
// Make sure we can create the file to export into
|
// Make sure we can create the file to export into
|
||||||
out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
|
out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user