JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* path.cc (normalize_posix_path): Fix long-standing problem which

Browse Source 
allows to access files via ".." using an invalid POSIX path.
This commit is contained in:
Corinna Vinschen
2013-06-12 17:45:42 +00:00
parent bb345ed147
commit 0b8722c2db
3 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
winsup/cygwin/path.cc
View File

@@ -240,6 +240,7 @@ normalize_posix_path (const char *src, char *dst, char *&tail)
{
const char *in_src = src;
char *dst_start = dst;
bool check_parent = false;
syscall_printf ("src %s", src);
if ((isdrive (src) && isdirsep (src[2])) || *src == '\\')
@@ -278,6 +279,7 @@ normalize_posix_path (const char *src, char *dst, char *&tail)
*tail++ = *src++;
else
{
check_parent = true;
while (*++src)
{
if (isslash (*src))
@@ -301,6 +303,21 @@ normalize_posix_path (const char *src, char *dst, char *&tail)
break;
else
{
/* According to POSIX semantics all elements of path must
exist. To follow it, we must validate our path before
removing the trailing component. Check_parent is needed
for performance optimization, in order not to verify paths
which are already verified. For example this prevents
double check in case of foo/bar/../.. */
if (check_parent)
{
*tail = 0;
debug_printf ("checking %s before '..'", dst_start);
path_conv head (dst_start);
if (!head.isdir())
return ENOENT;
check_parent = false;
}
while (tail > dst_start && !isslash (*--tail))
continue;
src++;