Just a precaution: ctm will not accept '..' in paths anymore.
I'm never going to generate one, so this is a guard against hackers mostly. Reviewed by: phk Submitted by: Stephen McKay <syssgm@devetir.qld.gov.au> Obtained from:
This commit is contained in:
Poul-Henning Kamp
parent
728736c058
commit
28db07dea2
@ -6,7 +6,7 @@
|
|||||||
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
|
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
|
||||||
* ----------------------------------------------------------------------------
|
* ----------------------------------------------------------------------------
|
||||||
*
|
*
|
||||||
* $Id: ctm_pass1.c,v 1.5 1994/11/26 08:57:40 phk Exp $
|
* $Id: ctm_pass1.c,v 1.6 1995/02/04 19:20:47 phk Exp $
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -97,6 +97,16 @@ Pass1(FILE *fd)
|
|||||||
Fatal("Absolute paths are illegal.");
|
Fatal("Absolute paths are illegal.");
|
||||||
return Exit_Mess;
|
return Exit_Mess;
|
||||||
}
|
}
|
||||||
|
for (;;) {
|
||||||
|
if (p[0] == '.' && p[1] == '.')
|
||||||
|
if (p[2] == '/' || p[2] == '\0') {
|
||||||
|
Fatal("Paths containing '..' are illegal.");
|
||||||
|
return Exit_Mess;
|
||||||
|
}
|
||||||
|
if ((p = strchr(p, '/')) == NULL)
|
||||||
|
break;
|
||||||
|
p++;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case CTM_F_Uid:
|
case CTM_F_Uid:
|
||||||
GETFIELD(p,sep);
|
GETFIELD(p,sep);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user