From fa3d380dffcdd3eec07c01719e4ad7f15fe69935 Mon Sep 17 00:00:00 2001
From: Michael Friedrich <michael.friedrich@netways.de>
Date: Fri, 24 Jul 2015 16:05:13 +0200
Subject: [PATCH] Fix a problem where invalid stage config could lead into
 broken stages

refs #9103
refs #9083
---
 lib/remote/configmoduleutility.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/remote/configmoduleutility.cpp b/lib/remote/configmoduleutility.cpp
index b927c87fc..feac2bc0a 100644
--- a/lib/remote/configmoduleutility.cpp
+++ b/lib/remote/configmoduleutility.cpp
@@ -84,10 +84,13 @@ String ConfigModuleUtility::CreateStage(const String& moduleName, const Dictiona
 	Utility::MkDirP(path, 0700);
 	WriteStageConfig(moduleName, stageName);
 
+	bool foundDotDot = false;
 	ObjectLock olock(files);
 	BOOST_FOREACH(const Dictionary::Pair& kv, files) {
-		if (ContainsDotDot(kv.first))
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Path must not contain '..'."));
+		if (ContainsDotDot(kv.first)) {
+			foundDotDot = true;
+			break;
+		}
 
 		String filePath = path + "/" + kv.first;
 
@@ -101,6 +104,11 @@ String ConfigModuleUtility::CreateStage(const String& moduleName, const Dictiona
 		fp.close();
 	}
 
+	if (foundDotDot) {
+		Utility::RemoveDirRecursive(path);
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Path must not contain '..'."));
+	}
+
 	return stageName;
 }