vbatts/llama.cpp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

also reject empty filename

Browse source
This commit is contained in:
Jan Boon 2024-04-06 02:43:13 +08:00
parent 4a4f3993e7
commit 2fbf0c3495
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
common/common.cpp
View file

@ -1500,7 +1500,13 @@ std::string gpt_random_prompt(std::mt19937 & rng) {
GGML_UNREACHABLE();
}
// Validate if a filename is safe to use
// To validate a full path, split the path by the OS-specific path separator, and validate each part with this function
bool validate_file_name(const std::string & filename) {
if (!filename.length()) {
// Empty filename invalid
return false;
}
if (filename.length() > 255) {
// Limit at common largest possible filename on Linux filesystems
// to avoid unnecessary further validation
@ -1546,7 +1552,7 @@ bool validate_file_name(const std::string & filename) {
}
}
// Reject any ".." (this is stricter than checking for ../ combinations)
// Reject any ".." (currently stricter than necessary, it should be fine to just check for == ".." instead)
if (filename.find("..") != std::string::npos) {
return false;
}