git: 9front


ref: 3bfb3402176bfad373f4f0a4f5647dc8e7b8e1d7
parent: 703ffa1f8ae98821222a812e489469df6850234a
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Thu Oct 3 13:30:03 EDT 2013

tarfs: make file name safe, canonical and free of . and .. (from sources)

--- a/sys/src/cmd/tapefs/tarfs.c
+++ b/sys/src/cmd/tapefs/tarfs.c
@@ -144,10 +144,12 @@
 		}
 		f.mode &= DMDIR | 0777;
 
-		/* make file name safe and canonical */
+		/* make file name safe, canonical and free of . and .. */
 		while (fname[0] == '/')		/* don't allow absolute paths */
 			++fname;
 		cleanname(fname);
+		while (strncmp(fname, "../", 3) == 0)
+			fname += 3;
 
 		/* reject links */
 		linkflg = hp->linkflag == LF_SYMLINK1 ||
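Review bot: The added loop `while (strncmp(fname, "../", 3) == 0)` only matches `..` followed by a slash, so a name that cleanname() leaves as a bare `..` passes through with the dot-dot component intact; `../..` ends up the same way after one pass of the loop. Consider following the loop with `if (strcmp(fname, "..") == 0) fname += 2;` or skipping the entry, and deciding explicitly what an empty or `.` name should mean at that point. Whether the code that later places the entry in the tree tolerates such a name is not visible here, since the enclosing function starts and ends outside the hunk, so this needs checking against the rest of tarfs.c. A short comment on the loop noting that cleanname() keeps leading `..` elements of a relative path would also explain why the extra stripping is needed.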
--