[bug-gv] [PATCH] ignore resource and style files without absolute paths

[Bernhard R. Link]

The current search path is current directory, home directory,
and then GV_LIBDIR (but no /) prepended.
As GV_LIBDIR without the slash cannot have worked for anyone
yet and looking into the current directory is quite some security
risk (in case anyone actually used that option), reject filenames
not being absolute.
---
 resent

 gv/src/resource.c |   33 +++++++--------------------------
 1 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/gv/src/resource.c b/gv/src/resource.c
index 81deca6..5316485 100644
--- a/gv/src/resource.c
+++ b/gv/src/resource.c
@@ -865,7 +865,6 @@ static char* resource_mergeFileIntoDatabase(dbP,name)
      char *name;
 {
   char tmp[GV_MAX_FILENAME_LENGTH];
-  int useful=0;
 
   BEGINMESSAGE(resource_mergeFileIntoDatabase)
 
@@ -877,36 +876,18 @@ static char* resource_mergeFileIntoDatabase(dbP,name)
   strcpy(tmp,name);
   file_translateTildeInPath(tmp);
 
-  if (file_fileIsNotUseful(tmp)) {
+  if (tmp[0] != '/') {
+    fprintf(stderr, "Ignoring resource file '%s'='%s' as no absolute path!\n",
+                   name, tmp);
+    name = NULL;
+  } else if (file_fileIsNotUseful(tmp)) {
     INFSMESSAGE(not useful,tmp)
-      if (name != file_locateFilename(name)) useful=-1;
-      else {
-
-       sprintf(tmp,"~/%s",name);
-       file_translateTildeInPath(tmp);
-
-      }
-  } else useful=1;
-
-  if (!useful) {
-
-    if (!useful && file_fileIsNotUseful(tmp)) {
-      INFSMESSAGE(not useful,tmp)
-       sprintf(tmp,"%s%s",GV_LIBDIR,name);
-    } else useful=1;
-
-    if (!useful && file_fileIsNotUseful(tmp)) {
-      INFSMESSAGE(not useful,tmp)
-       INFMESSAGE(giving up)
-       } else useful=1;
-  }
-
-  if (useful==1) {
+    name = NULL;
+  } else {
     INFSMESSAGE(merging,tmp)
       XrmCombineFileDatabase(tmp,dbP,True);
     name = XtNewString(tmp);
   }
-  else name=NULL;
   ENDMESSAGE(resource_mergeFileIntoDatabase)
     return(name);
 }
-- 
1.5.6.5