/vsis3/: fix out of bounds introduced by 605a79d

rouault · rouault · commit c4c0e8b61c31 · 2026-03-17T20:26:43.000+01:00
Fixes https://issues.oss-fuzz.com/issues/493485122
diff --git a/autotest/gcore/vsis3.py b/autotest/gcore/vsis3.py
@@ -7218,3 +7218,41 @@ def test_vsis3_credential_process_missing_fields(tmp_vsimem, aws_test_config):
 
     finally:
         os.unlink(script_path)
+
+
+###############################################################################
+# Test invalid filenames
+
+
+@gdaltest.enable_exceptions()
+def test_vsis3_invalid_filenames():
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.VSIFile("/vsis3/../traversal", "rb")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.VSIStatL("/vsis3/../traversal")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.Mkdir("/vsis3/../traversal", 0)
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.Rmdir("/vsis3/../traversal")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.Unlink("/vsis3/../traversal")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.GetFileMetadata("/vsis3/../traversal", "HEADERS")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.SetFileMetadata("/vsis3/../traversal", {"foo": "bar"}, "HEADERS")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.Rename("/vsis3/../traversal", "/vsis3/valid")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.Rename("/vsis3/valid", "/vsis3/../traversal")
+
+    with pytest.raises(Exception, match="Invalid filename"):
+        gdal.OpenDir("/vsis3/../traversal")
diff --git a/port/cpl_vsil_s3.cpp b/port/cpl_vsil_s3.cpp
@@ -1933,6 +1933,12 @@ VSIVirtualHandleUniquePtr VSICurlFilesystemHandlerBaseWritable::Open(
 
     CPLString osFilename(pszFilename);
     NormalizeFilenameIfNeeded(osFilename);
+    if (!STARTS_WITH_CI(osFilename.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszFilename);
+        return nullptr;
+    }
 
     if (strchr(pszAccess, '+'))
     {
@@ -2463,6 +2469,12 @@ char **VSIS3FSHandler::GetFileMetadata(const char *pszFilename,
 
     CPLString osFilename(pszFilename);
     NormalizeFilenameIfNeeded(osFilename);
+    if (!STARTS_WITH_CI(osFilename.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszFilename);
+        return nullptr;
+    }
 
     if (pszDomain == nullptr || !EQUAL(pszDomain, "TAGS"))
     {
@@ -2585,6 +2597,12 @@ bool VSIS3FSHandler::SetFileMetadata(const char *pszFilename,
 
     CPLString osFilename(pszFilename);
     NormalizeFilenameIfNeeded(osFilename);
+    if (!STARTS_WITH_CI(osFilename.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszFilename);
+        return false;
+    }
 
     if (pszDomain == nullptr ||
         !(EQUAL(pszDomain, "HEADERS") || EQUAL(pszDomain, "TAGS")))
@@ -2772,6 +2790,13 @@ int IVSIS3LikeFSHandler::MkdirInternal(const char *pszDirname, long /*nMode*/,
 
     CPLString osDirname(pszDirname);
     NormalizeFilenameIfNeeded(osDirname);
+    if (!STARTS_WITH_CI(osDirname.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszDirname);
+        return -1;
+    }
+
     if (!osDirname.empty() && osDirname.back() != '/')
         osDirname += "/";
 
@@ -2846,6 +2871,13 @@ int IVSIS3LikeFSHandler::Rmdir(const char *pszDirname)
 
     CPLString osDirname(pszDirname);
     NormalizeFilenameIfNeeded(osDirname);
+    if (!STARTS_WITH_CI(osDirname.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszDirname);
+        return -1;
+    }
+
     if (!osDirname.empty() && osDirname.back() != '/')
         osDirname += "/";
 
@@ -2905,6 +2937,12 @@ int IVSIS3LikeFSHandler::Stat(const char *pszFilename, VSIStatBufL *pStatBuf,
 
     CPLString osFilename(pszFilename);
     NormalizeFilenameIfNeeded(osFilename);
+    if (!STARTS_WITH_CI(osFilename.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszFilename);
+        return -1;
+    }
 
     if ((nFlags & VSI_STAT_CACHE_ONLY) != 0)
         return VSICurlFilesystemHandlerBase::Stat(osFilename, pStatBuf, nFlags);
@@ -3054,6 +3092,12 @@ int IVSIS3LikeFSHandler::Unlink(const char *pszFilename)
 
     CPLString osFilename(pszFilename);
     NormalizeFilenameIfNeeded(osFilename);
+    if (!STARTS_WITH_CI(osFilename.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'",
+                 pszFilename);
+        return -1;
+    }
 
     std::string osNameWithoutPrefix = osFilename.c_str() + GetFSPrefix().size();
     if (osNameWithoutPrefix.find('/') == std::string::npos)
@@ -3098,10 +3142,19 @@ int IVSIS3LikeFSHandler::Rename(const char *oldpath, const char *newpath,
 
     CPLString osOldPath(oldpath);
     NormalizeFilenameIfNeeded(osOldPath);
+    if (!STARTS_WITH_CI(osOldPath.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'", oldpath);
+        return -1;
+    }
 
     CPLString osNewPath(newpath);
     NormalizeFilenameIfNeeded(osNewPath);
-
+    if (!STARTS_WITH_CI(osNewPath.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'", newpath);
+        return -1;
+    }
     NetworkStatisticsFileSystem oContextFS(GetFSPrefix().c_str());
     NetworkStatisticsAction oContextAction("Rename");
 
@@ -3468,6 +3521,11 @@ VSIDIR *IVSIS3LikeFSHandler::OpenDir(const char *pszPath, int nRecurseDepth,
 
     CPLString osPath(pszPath);
     NormalizeFilenameIfNeeded(osPath);
+    if (!STARTS_WITH_CI(osPath.c_str(), GetFSPrefix().c_str()))
+    {
+        CPLError(CE_Failure, CPLE_AppDefined, "Invalid filename '%s'", pszPath);
+        return nullptr;
+    }
 
     NetworkStatisticsFileSystem oContextFS(GetFSPrefix().c_str());
     NetworkStatisticsAction oContextAction("OpenDir");
