From 78429cea51d55c08251f478caf95209a3e1d6758 Mon Sep 17 00:00:00 2001
From: imp <imp@FreeBSD.org>
Date: Fri, 18 Jul 1997 18:33:15 +0000
Subject: Fix a problem where remote files could be removed by exploiting race
 conditions similar to those reported in CERT's CA-91:10a advisory. Obtained
 from: Hiroshi NAKANO <nakano@rins.ryukoku.ac.jp> by way of CERT.

---
 usr.sbin/lpr/common_source/rmjob.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.sbin/lpr/common_source/rmjob.c b/usr.sbin/lpr/common_source/rmjob.c
index 5497ca2..e4f068b 100644
--- a/usr.sbin/lpr/common_source/rmjob.c
+++ b/usr.sbin/lpr/common_source/rmjob.c
@@ -191,6 +191,8 @@ process(file)
 	while (getline(cfp)) {
 		switch (line[0]) {
 		case 'U':  /* unlink associated files */
+			if (strchr(line+1, '/') || strncmp(line+1, "df", 2))
+				break;
 			if (from != host)
 				printf("%s: ", host);
 			printf(unlink(line+1) ? "cannot dequeue %s\n" :
-- 
cgit v1.1