Merge pull request ethereum#20019 from holiman/minor_adminfix

eth: disallow overwrite files via admin.exportChain
blocknative · Aug 30, 2019 · d5bd383 · d5bd383
2 parents 396f1dd + 292cf7c
commit d5bd383
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/eth/api.go b/eth/api.go
@@ -168,6 +168,11 @@ func NewPrivateAdminAPI(eth *Ethereum) *PrivateAdminAPI {
 
 // ExportChain exports the current blockchain into a local file.
 func (api *PrivateAdminAPI) ExportChain(file string) (bool, error) {
+	if _, err := os.Stat(file); err == nil {
+		// File already exists. Allowing overwrite could be a DoS vecotor,
+		// since the 'file' may point to arbitrary paths on the drive
+		return false, errors.New("location would overwrite an existing file")
+	}
 	// Make sure we can create the file to export into
 	out, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
 	if err != nil {