pathname_levels has a problem handling cascading slashes.

Because of this problem, a cvs client can create an arbitrary directory
on the server machine, at least.  For example, a cvs client can create
#cvs.lock to prevent other operations.

--- subr.c      2000/04/10 05:49:15     1.3
+++ subr.c      2000/07/31 03:29:43     1.4
@@ -171,7 +171,8 @@
            if (-level > max_level)
                max_level = -level;
        }
-       else if (p[0] == '.' && (p[1] == '\0' || p[1] == '/'))
+       else if ((p[0] == '\0' || p[0] == '/') ||
+                p[0] == '.' && (p[1] == '\0' || p[1] == '/'))
            ;
        else
            ++level;
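
Review bot: In the added condition, the `p[0] == '.' && (...)` term sits unparenthesized on the right-hand side of `||`. Operator precedence makes it group as intended, but some compilers warn about mixing `&&` inside `||`, so wrap that term in its own parentheses; the outer parentheses around `(p[0] == '\0' || p[0] == '/')` then become unnecessary. The branch body is still a bare `;`, so a one-line comment saying that an empty component (from "//" or a trailing "/") is skipped the same way as "." would make it clear why neither case changes `level`.
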
-- 
Tanaka Akira
