<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40577 >
Even though load_auth_config() is only ever called
with a filename from the server command line, it uses
is_safe_filename() to disallow ".." in the path. This
makes it rather annoying for testing.
Since it is in all likelyhood fine to trust the very
server operator who is entering the server command
line in the first place, the attached patch removes
the safe filename check from the auth config loading
function.
-----------------------------------------------------------------------
システムオペレータを信用出来なければ、どうする?
diff --git a/server/auth.c b/server/auth.c
index 2cdd780..482f279 100644
--- a/server/auth.c
+++ b/server/auth.c
@@ -277,11 +277,6 @@ static bool load_auth_config(const char *filename)
assert(filename != NULL);
- if (!is_safe_filename(filename)) {
- freelog(LOG_ERROR, _("Auth config filename \"%s\" not allowed!"), filename);
- return FALSE;
- }
-
if (!section_file_load_nodup(&file, filename)) {
freelog(LOG_ERROR, _("Cannot load auth config file \"%s\"!"), filename);
return FALSE;
_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
