dont allow .. ../ /../ and /.. and absolute paths starting with / in the test

author raster <raster>

Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)

committer raster <raster@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>

Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)
author raster <raster>
Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)
committer raster <raster@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>
Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)
diff --git a/src/bin/eet_main.c b/src/bin/eet_main.c

index aa5ff17..f0fb86f 100644 (file)
--- a/src/bin/eet_main.c
+++ b/src/bin/eet_main.c
@@ -205,8 +205,19 @@ depak_file(Eet_File *ef, char *file)
       {
         FILE *f;
         char buf[PATH_MAX];
+       int len;
         
-       strcpy(buf, file);
+       strncpy(buf, file, sizeof(buf) - 1);
+       buf[sizeof(buf) - 1] = 0;
+       if (buf[0] == '/') return;
+       if (!strcmp(buf, "..")) return;
+       if (!strncmp(buf, "../", 3)) return;
+       if (strstr(buf, "/../")) return;
+       len = strlen(buf);
+       if (len >= 3)
+         {
+            if (!strcmp(&(buf[len - 3]), "/..")) return;
+         }
         last = strrchr(buf, '/');
         if (last) 
           {
author	raster <raster>
	Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)
committer	raster <raster@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>
	Thu, 31 Mar 2005 08:36:10 +0000 (08:36 +0000)