authornectar <nectar@FreeBSD.org>2004-01-21 16:27:56 +0000
committernectar <nectar@FreeBSD.org>2004-01-21 16:27:56 +0000
commitcf29303145243faf1ec363641b27d8aba8ccb638 (patch)
tree363d4c23f6490ca6414ad27063d465925424be60 /contrib/cvs
parent681fd029d86a467c08d298faf8f70f664cb0aee1 (diff)
parent0de1aa939e0bb1831fe5ba20e2afa2fe6d7426ab (diff)
This commit was generated by cvs2svn to compensate for changes in r124793,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/cvs')
-rw-r--r--contrib/cvs/src/modules.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/contrib/cvs/src/modules.c b/contrib/cvs/src/modules.c
index b161e94..b2ded8d 100644
--- a/contrib/cvs/src/modules.c
+++ b/contrib/cvs/src/modules.c
@@ -159,6 +159,17 @@ do_module (db, mname, m_type, msg, callback_proc, where, shorten,
}
#endif
+ /* Don't process absolute directories. Anything else could be a security
+ * problem. Before this check was put in place:
+ *
+ * $ cvs -d:fork:/cvsroot co /foo
+ * cvs server: warning: cannot make directory CVS in /: Permission denied
+ * cvs [server aborted]: cannot make directory /foo: Permission denied
+ * $
+ */
+ if (isabsolute (mname))
+ error (1, 0, "Absolute module reference invalid: `%s'", mname);
+
/* if this is a directory to ignore, add it to that list */
if (mname[0] == '!' && mname[1] != '\0')
{
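Review bot: The new guard `if (isabsolute (mname))` rejects only names that start at the root, so a relative module name with up-level (`..`) components still passes it. Whether such names are refused elsewhere is not visible here, because do_module starts before this hunk and continues after it. The check should either be extended to walk the components of `mname` and refuse any that is `..`, or the comment should say why that case is safe, e.g. `/* Relative names with ".." components are rejected in <place>; only the absolute case is handled here. */`. The comment's "Anything else could be a security problem" would also read better if it named the risk the example shows: the server attempting to create directories outside the checkout area.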