Enlightenment CVS committal Author : raster Project : e17 Module : libs/eet
Dir : e17/libs/eet/src/bin Modified Files: eet_main.c Log Message: dont allow .. ../ /../ and /.. and absolute paths starting with / in the test app, and dont overflow the buffer.
===================================================================
RCS file: /cvsroot/enlightenment/e17/libs/eet/src/bin/eet_main.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -3 -r1.5 -r1.6
--- eet_main.c 22 Oct 2004 13:57:49 -0000 1.5
+++ eet_main.c 31 Mar 2005 08:36:10 -0000 1.6
@@ -205,8 +205,19 @@
 {
 FILE *f;
 char buf[PATH_MAX];
+ int len;
- strcpy(buf, file);
+ strncpy(buf, file, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = 0;
+ if (buf[0] == '/') return;
+ if (!strcmp(buf, "..")) return;
+ if (!strncmp(buf, "../", 3)) return;
+ if (strstr(buf, "/../")) return;
+ len = strlen(buf);
+ if (len >= 3)
+ {
+ if (!strcmp(&(buf[len - 3]), "/..")) return;
+ }
 last = strrchr(buf, '/');
 if (last)
 {
-------------------------------------------------------
This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/info/Sentarus/hamr30 _______________________________________________ enlightenment-cvs mailing list enlightenment-cvs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-cvs
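Review bot: An entry name of PATH_MAX bytes or more is silently truncated by the `strncpy` / `buf[sizeof(buf) - 1] = 0` pair, and the shortened name is then carried forward as the path, so data may end up under a name the archive never contained; rejecting it up front with `if (strlen(file) >= sizeof(buf)) return;` avoids that. Every traversal check also returns without a message, so someone unpacking a hostile file gets no sign that entries were refused; a line such as `fprintf(stderr, "skipping unsafe entry name: %s\n", file);` before the returns would make the refusal visible. The checks are purely textual and treat only `/` as a separator, so they do not cover a symlink already present under the output directory, which deserves a short comment above the block stating that limit. The function's signature and the rest of its body are outside the hunk, so how `buf` is used after `strrchr` is inferred.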