upload check flaw?

Technical discussion about the NMDC and <a href="http://dcpp.net/ADC.html">ADC</A> protocol. The NMDC protocol is documented in the <a href="http://dcpp.net/wiki/">Wiki</a>, so feel free to refer to it.

Moderator: Moderators

Locked
ola
Posts: 1
Joined: 2003-03-10 01:32

upload check flaw?

Post by ola » 2003-03-10 01:41

I looked around in the source-code but couldn't find any place where
the file being request for upload actually is checked if it really is in one
of the DC-shares and not somewhere else, i.e c:\autoexe.bat or something similar. Granted I didn't spend to much time looking for it but still if someone KNOWS how a DC client prevents(?) a malicious DC-request from being served, give me a pointer to how that is done!

/ola
Top
sarf
Posts: 382
Joined: 2003-01-24 05:43
Location: Sweden
Contact:
Contact sarf

Re: upload check flaw?

Post by sarf » 2003-03-10 10:36

Check out the method translateFileName() in ShareManager.

Sarf
---
Use no hooks.
Top
Dj_Offset
Posts: 48
Joined: 2003-02-22 19:22
Location: Oslo, Norway
Contact:
Contact Dj_Offset

Post by Dj_Offset » 2003-03-10 15:12

Too obvious
I wrote QuickDC - A DC++ compatible client for Linux and FreeBSD.
Top
Locked

Return to “Protocol Alley”