Move the checks for '/' a little sooner in the code which receives files

for a remote print job.  This change comes from OpenBSD (who got it from
Sebastian Krahmer of SuSE).  In OpenBSD this avoids a tiny theoretical
security issue, but that security issue does not exist in FreeBSD's lpr
due to the changes which added 'ctl_renametf()' just before 4.4-release.
This change is still worth doing in our version, but it isn't fixing a
security issue.

MFC after:	4 days

1 files changed, 8 insertions, 8 deletions

diff --git a/usr.sbin/lpr/lpd/recvjob.c b/usr.sbin/lpr/lpd/recvjob.c
index b69fa12..d9f97bf 100644
--- a/usr.sbin/lpr/lpd/recvjob.c
+++ b/usr.sbin/lpr/lpd/recvjob.c
@@ -194,12 +194,13 @@ readjob(struct printer *pp)
 			 */
 			strlcpy(cp + 6, from_host, sizeof(line)
 			    + (size_t)(line - cp - 6));
+			if (strchr(cp, '/')) {
+				frecverr("readjob: %s: illegal path name", cp);
+				/*NOTREACHED*/
+			}
 			strlcpy(tfname, cp, sizeof(tfname));
 			tfname[sizeof (tfname) - 1] = '\0';
 			tfname[0] = 't';
-			if (strchr(tfname, '/'))
-				frecverr("readjob: %s: illegal path name",
-				    tfname);
 			if (!chksize(size)) {
 				(void) write(STDOUT_FILENO, "\2", (size_t)1);
 				continue;
@@ -225,16 +226,15 @@ readjob(struct printer *pp)
 				size = size * 10 + (*cp++ - '0');
 			if (*cp++ != ' ')
 				break;
+			if (strchr(cp, '/')) {
+				frecverr("readjob: %s: illegal path name", cp);
+				/*NOTREACHED*/
+			}
 			if (!chksize(size)) {
 				(void) write(STDOUT_FILENO, "\2", (size_t)1);
 				continue;
 			}
 			strlcpy(dfname, cp, sizeof(dfname));
-			if (strchr(dfname, '/')) {
-				frecverr("readjob: %s: illegal path name",
-					dfname);
-				/*NOTREACHED*/
-			}
 			dfcnt++;
 			trstat_init(pp, dfname, dfcnt);
 			(void) readfile(pp, dfname, (size_t)size);