chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3d6374d
)
util: be a bit safer in path_is_safe()
author
Lennart Poettering
<lennart@poettering.net>
Thu, 30 Apr 2015 17:44:10 +0000
(19:44 +0200)
committer
Sven Eden
<yamakuzure@gmx.net>
Tue, 14 Mar 2017 07:20:22 +0000
(08:20 +0100)
We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
src/shared/util.c
patch
|
blob
|
history
diff --git
a/src/shared/util.c
b/src/shared/util.c
index 693bb1d9a4b338d68bb2f911a778cf0bbc7b67af..f904d03257f1b63e43d578ddd5c65b0b3aee744a 100644
(file)
--- a/
src/shared/util.c
+++ b/
src/shared/util.c
@@
-3918,7
+3918,7
@@
bool path_is_safe(const char *p) {
if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
return false;
- if (strlen(p) > PATH_MAX)
+ if (strlen(p)
+1
> PATH_MAX)
return false;
/* The following two checks are not really dangerous, but hey, they still are confusing */