Re: pkg/55684 (Absolute & relative directory traversal with archivers/zoo)

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,stegozor%gmail.com@localhost
Subject: Re: pkg/55684 (Absolute & relative directory traversal with archivers/zoo)
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 4 Oct 2020 18:30:02 +0000 (UTC)

The following reply was made to PR pkg/55684; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%bec.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
	stegozor%gmail.com@localhost
Subject: Re: pkg/55684 (Absolute & relative directory traversal with
 archivers/zoo)
Date: Sun, 4 Oct 2020 20:28:08 +0200

 On Sun, Oct 04, 2020 at 10:40:01AM +0000, Martin Husemann wrote:
 >  +   /* remove all "../" inside filename */
 >  +   while ((p = strstr( fname, "../" )) != NULL) {
 >  +      l = strlen(p+3);
 >  +      if (l == 0)
 >  +        *p = 0;
 >  +      else
 >  +         memmove(p, p+3, l);
 >  +   }
 
 This doesn't seem to be correct. It should remove "../" from the start
 of the path and "/../" anywhere else. foo../ is a valid path name.
 
 Joerg

Prev by Date: Re: pkg/55684 (Absolute & relative directory traversal with archivers/zoo)
Next by Date: Re: pkg/45716 (emacs (various versions) dies on unwind stuff in gcc 4.5)
Previous by Thread: Re: pkg/55684 (Absolute & relative directory traversal with archivers/zoo)
Next by Thread: Re: pkg/55684 (Absolute & relative directory traversal with archivers/zoo)
Indexes:

Home | Main Index | Thread Index | Old Index