<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40577 >

Even though load_auth_config() is only ever called
with a filename from the server command line, it uses
is_safe_filename() to disallow ".." in the path. This
makes it rather annoying for testing.

Since it is in all likelyhood fine to trust the very
server operator who is entering the server command
line in the first place, the attached patch removes
the safe filename check from the auth config loading

diff --git a/server/auth.c b/server/auth.c
index 2cdd780..482f279 100644
--- a/server/auth.c
+++ b/server/auth.c
@@ -277,11 +277,6 @@ static bool load_auth_config(const char *filename)
   assert(filename != NULL);
-  if (!is_safe_filename(filename)) {
-    freelog(LOG_ERROR, _("Auth config filename \"%s\" not allowed!"), filename);
-    return FALSE;
-  }
   if (!section_file_load_nodup(&file, filename)) {
     freelog(LOG_ERROR, _("Cannot load auth config file \"%s\"!"), filename);
     return FALSE;
Freeciv-dev mailing list

Reply via email to