Just a precaution: ctm will not accept '..' in paths anymore.

I'm never going to generate one, so this is a guard against hackers mostly. Reviewed by: phk Submitted by: Stephen McKay <syssgm@devetir.qld.gov.au> Obtained from:
author: phk <phk@FreeBSD.org> 1995-02-25 05:02:18 +0000
committer: phk <phk@FreeBSD.org> 1995-02-25 05:02:18 +0000
commit: 030f982dd69dac94b908d1e725850626a5185985 (patch)
tree: e301e62d96f62793238a971d8342c94252271c40 /usr.sbin/ctm
parent: 1b262ea352357ad02136f400358274e808a6bba5 (diff)
download: FreeBSD-src-030f982dd69dac94b908d1e725850626a5185985.zip
FreeBSD-src-030f982dd69dac94b908d1e725850626a5185985.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.sbin/ctm/ctm/ctm_pass1.c b/usr.sbin/ctm/ctm/ctm_pass1.c
index 8d69b18..7ef3cb9 100644
--- a/usr.sbin/ctm/ctm/ctm_pass1.c
+++ b/usr.sbin/ctm/ctm/ctm_pass1.c
@@ -6,7 +6,7 @@
  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
  * ----------------------------------------------------------------------------
  *
- * $Id: ctm_pass1.c,v 1.5 1994/11/26 08:57:40 phk Exp $
+ * $Id: ctm_pass1.c,v 1.6 1995/02/04 19:20:47 phk Exp $
  *
  */
 
@@ -97,6 +97,16 @@ Pass1(FILE *fd)
 			Fatal("Absolute paths are illegal.");
 			return Exit_Mess;
 		    }
+		    for (;;) {
+			if (p[0] == '.' && p[1] == '.')
+			    if (p[2] == '/' || p[2] == '\0') {
+				Fatal("Paths containing '..' are illegal.");
+				return Exit_Mess;
+			    }
+			if ((p = strchr(p, '/')) == NULL)
+			    break;
+			p++;
+		    }
 		    break;
 		case CTM_F_Uid:
 		    GETFIELD(p,sep);
author	phk <phk@FreeBSD.org>	1995-02-25 05:02:18 +0000
committer	phk <phk@FreeBSD.org>	1995-02-25 05:02:18 +0000
commit	030f982dd69dac94b908d1e725850626a5185985 (patch)
tree	e301e62d96f62793238a971d8342c94252271c40 /usr.sbin/ctm
parent	1b262ea352357ad02136f400358274e808a6bba5 (diff)
download	FreeBSD-src-030f982dd69dac94b908d1e725850626a5185985.zip FreeBSD-src-030f982dd69dac94b908d1e725850626a5185985.tar.gz