acme/autocert: properly clean DirCache paths

Don't assume the path passed into the DirCache methods is absolute, and clean it before further operating on it. Put and Delete are not attacker controlled, but clean them anyway. Fixes #53082 Fixes CVE-2022-30636 Change-Id: I755f525a737da60ccba07ebce4d41cc8faebfcca Reviewed-on: https://go-review.googlesource.com/c/crypto/+/408694 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
golang · May 25, 2022 · 793ad66 · 793ad66
1 parent 6f7dac9
commit 793ad66
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/acme/autocert/cache.go b/acme/autocert/cache.go
@@ -41,7 +41,7 @@ type DirCache string
 
 // Get reads a certificate data from the specified file name.
 func (d DirCache) Get(ctx context.Context, name string) ([]byte, error) {
-	name = filepath.Join(string(d), name)
+	name = filepath.Join(string(d), filepath.Clean("/"+name))
 	var (
 		data []byte
 		err  error
@@ -82,7 +82,7 @@ func (d DirCache) Put(ctx context.Context, name string, data []byte) error {
 		case <-ctx.Done():
 			// Don't overwrite the file if the context was canceled.
 		default:
-			newName := filepath.Join(string(d), name)
+			newName := filepath.Join(string(d), filepath.Clean("/"+name))
 			err = os.Rename(tmp, newName)
 		}
 	}()
@@ -96,7 +96,7 @@ func (d DirCache) Put(ctx context.Context, name string, data []byte) error {
 
 // Delete removes the specified file name.
 func (d DirCache) Delete(ctx context.Context, name string) error {
-	name = filepath.Join(string(d), name)
+	name = filepath.Join(string(d), filepath.Clean("/"+name))
 	var (
 		err  error
 		done = make(chan struct{})