path: root/archivers/gtar-base/patches/patch-ak
blob: 4829916bb5c0d2b2f326346c9b2d9435fdb58399 (plain)
$NetBSD: patch-ak,v 1.2 2008/04/02 22:03:07 tonnerre Exp $

Fix directory traversal vulnerability (CVE-2007-4131).

--- src/names.c.orig	2004-09-06 13:30:54.000000000 +0200
+++ src/names.c
@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
 	return 1;
 
-      do
+      while (! ISSLASH (*p))
 	{
 	  if (! *p++)
 	    return 0;
 	}
-      while (! ISSLASH (*p));
     }
 }
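Review bot: The rewritten skip loop in contains_dot_dot has no comment saying why it must be a pre-test `while`, and that loop shape is the whole fix, so a later cleanup could turn it back into a `do`/`while` unnoticed. As far as the visible lines show, the old post-test form advanced past the character at `p` before testing it, so when `p` was already on a slash the component after that slash was never compared against `..`. I would add above the loop something like `/* Pre-test on purpose: if p is already at a slash, leave it for the enclosing loop so the next component is still checked for "..". */`. A regression test with a name that begins with a slash and one with doubled slashes would pin this behaviour down; the function's header and enclosing loop are outside the hunk, so this assumes the outer loop advances `p` by one per iteration.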