<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40577 >
Even though load_auth_config() is only ever called with a filename from the server command line, it uses is_safe_filename() to disallow ".." in the path. This makes it rather annoying for testing. Since it is in all likelyhood fine to trust the very server operator who is entering the server command line in the first place, the attached patch removes the safe filename check from the auth config loading function. ----------------------------------------------------------------------- システムオペレータを信用出来なければ、どうする?
diff --git a/server/auth.c b/server/auth.c index 2cdd780..482f279 100644 --- a/server/auth.c +++ b/server/auth.c @@ -277,11 +277,6 @@ static bool load_auth_config(const char *filename) assert(filename != NULL); - if (!is_safe_filename(filename)) { - freelog(LOG_ERROR, _("Auth config filename \"%s\" not allowed!"), filename); - return FALSE; - } - if (!section_file_load_nodup(&file, filename)) { freelog(LOG_ERROR, _("Cannot load auth config file \"%s\"!"), filename); return FALSE;
_______________________________________________ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev