www/w3m/patches/patch-ah


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

$NetBSD: patch-ah,v 1.1 2001/09/28 10:10:41 itojun Exp $

plug security hole.
http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html

--- indep.c.orig	Fri Sep 28 18:57:03 2001
+++ indep.c	Fri Sep 28 18:58:06 2001
@@ -74,14 +74,14 @@
 #endif				/* __EMX__ */
 
 char *
-cleanupName(char *name)
+cleanupName2(char *name, int flag)
 {
     char *buf, *p, *q;
 
     buf = allocStr(name, 0);
     p = buf;
     q = name;
-    while (*q != '\0' && *q != '?') {
+    while (*q != '\0' && (*q != '?' || ! flag)) {
 	if (strncmp(p, "/../", 4) == 0) {	/* foo/bar/../FOO */
 	    if (p - 2 == buf && strncmp(p - 2, "..", 2) == 0) {
 		/* ../../       */