diff options
| author | Carsten Haitzler <raster@rasterman.com> | 2005-03-31 08:36:10 +0000 |
|---|---|---|
| committer | Carsten Haitzler <raster@rasterman.com> | 2005-03-31 08:36:10 +0000 |
| commit | efa3f16f5351c0554c779ddb368c28cfebd7918b (patch) | |
| tree | 6629a546eabe47e6bcee2f6a4e6a72e4fdf5ab92 /src/bin | |
| parent | 964fcc6ad10ffa6e02502efe0e060dd131c70dff (diff) | |
| download | eet-efa3f16f5351c0554c779ddb368c28cfebd7918b.tar.gz | |
dont allow .. ../ /../ and /.. and absolute paths starting with / in the test
app, and dont overflow the buffer.
SVN revision: 14028
Diffstat (limited to 'src/bin')
| -rw-r--r-- | src/bin/eet_main.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/bin/eet_main.c b/src/bin/eet_main.c index aa5ff17..f0fb86f 100644 --- a/src/bin/eet_main.c +++ b/src/bin/eet_main.c @@ -205,8 +205,19 @@ depak_file(Eet_File *ef, char *file) { FILE *f; char buf[PATH_MAX]; + int len; - strcpy(buf, file); + strncpy(buf, file, sizeof(buf) - 1); + buf[sizeof(buf) - 1] = 0; + if (buf[0] == '/') return; + if (!strcmp(buf, "..")) return; + if (!strncmp(buf, "../", 3)) return; + if (strstr(buf, "/../")) return; + len = strlen(buf); + if (len >= 3) + { + if (!strcmp(&(buf[len - 3]), "/..")) return; + } last = strrchr(buf, '/'); if (last) { |