diff options
author | Mike Frysinger <vapier@gentoo.org> | 2009-03-31 07:11:14 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2009-03-31 07:14:56 -0400 |
commit | 9cad39b6609508b27b4e872bf24dcf79792e785a (patch) | |
tree | 7a8078368048359caa39fed2a1428f0b7d0d18c3 /libsandbox | |
parent | libsandbox: fix regression during merge of tracing code (diff) | |
download | sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.gz sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.bz2 sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.zip |
libsandbox: fix crash with unreadable paths
When trying to deal with simple paths like ".." in an unreadable tree,
the realpath code would scan back too far with pointers and crash.
mkdir -p a/b
cd a/b
chmod a-rx ..
ls ..
<boom>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
-rw-r--r-- | libsandbox/canonicalize.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c index 4efabf2..19682c2 100644 --- a/libsandbox/canonicalize.c +++ b/libsandbox/canonicalize.c @@ -157,7 +157,8 @@ erealpath(const char *name, char *resolved) else if (end - start == 2 && start[0] == '.' && start[1] == '.') { /* Back up to previous component, ignore if at root already. */ if (dest > rpath + 1) - while ((--dest)[-1] != '/') ; + while (dest > rpath && (--dest)[-1] != '/') + continue; } else { size_t new_size; |