Author: durner Date: 2005-12-20 12:21:32 -0800 (Tue, 20 Dec 2005) New Revision: 2359
Modified: gnunet-gtk/src/plugins/fs/download.c Log: avoid directory traversal Modified: gnunet-gtk/src/plugins/fs/download.c =================================================================== --- gnunet-gtk/src/plugins/fs/download.c 2005-12-20 19:41:43 UTC (rev 2358) +++ gnunet-gtk/src/plugins/fs/download.c 2005-12-20 20:21:32 UTC (rev 2359) @@ -420,6 +420,7 @@ GtkTreePath * path; struct ECRS_URI * u; char *dirPath; + char *dotdot; pos = head; while (pos != NULL) { @@ -527,6 +528,12 @@ } fnURL[len] = 0; + /* avoid directory traversal */ + while(dotdot = strstr("../")) { + dotdot[0] = '_'; + dotdot[1] = '_'; + } + /* If the file was downloaded before, fnURL is a symlink to dstFile */ if ((READLINK(fnURL, dummy, 1) == -1) && (errno == EINVAL)) { _______________________________________________ GNUnet-SVN mailing list GNUnet-SVN@gnu.org http://lists.gnu.org/mailman/listinfo/gnunet-svn
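Review bot: The loop added in the second hunk calls `strstr("../")` with only the needle, so no buffer is searched and the line should not compile against the `<string.h>` prototype; the traversal filter is not in effect as written. The haystack is presumably the `fnURL` buffer that is terminated just above and passed to `READLINK` below, i.e. `while ((dotdot = strstr(fnURL, "../")) != NULL) {`, which also makes the assignment in the condition explicit. Even with that fix only the forward-slash form is rewritten: a `..\` sequence (if this is built for a platform with backslash separators) or a name ending in a bare `..` passes unchanged. If `fnURL` already holds the user-chosen target directory, the scan should start after that prefix so only the remote-supplied part is altered; the hunk does not show which is the case. The enclosing function starts and ends outside the hunk.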