d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

In realpath(), make sure each path component consists only of safe

Browse Source 
characters, and untaint it.
This commit is contained in:
Dag-Erling Smørgrav 2005-07-29 11:28:03 +00:00
parent 614232077b
commit 8b4c82b30e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/tools/tinderbox/tbmaster.pl
View File

@ -91,7 +91,9 @@ sub realpath($;$) {
or die("unable to resolve symlink '$realpath/$part': $!\n");
$realpath = realpath($target, $realpath);
} else {
$realpath .= "/$part";
$part =~ m/^([\w.-]+)$/
or die("unsafe path '$realpath/$part'\n");
$realpath .= "/$1";
}
}
return $realpath;