libsandbox: fix crash with unreadable paths

When trying to deal with simple paths like ".." in an unreadable tree, the realpath code would scan back too far with pointers and crash. mkdir -p a/b cd a/b chmod a-rx .. ls .. <boom> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
author: Mike Frysinger <vapier@gentoo.org> 2009-03-31 07:11:14 -0400
committer: Mike Frysinger <vapier@gentoo.org> 2009-03-31 07:14:56 -0400
commit: 9cad39b6609508b27b4e872bf24dcf79792e785a (patch)
tree: 7a8078368048359caa39fed2a1428f0b7d0d18c3 /libsandbox
parent: libsandbox: fix regression during merge of tracing code (diff)
download: sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.gz
sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.bz2
sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index 4efabf2..19682c2 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -157,7 +157,8 @@ erealpath(const char *name, char *resolved)
 		else if (end - start == 2 && start[0] == '.' && start[1] == '.') {
 			/* Back up to previous component, ignore if at root already.  */
 			if (dest > rpath + 1)
-				while ((--dest)[-1] != '/') ;
+				while (dest > rpath && (--dest)[-1] != '/')
+					continue;
 		} else {
 			size_t new_size;
author	Mike Frysinger <vapier@gentoo.org>	2009-03-31 07:11:14 -0400
committer	Mike Frysinger <vapier@gentoo.org>	2009-03-31 07:14:56 -0400
commit	9cad39b6609508b27b4e872bf24dcf79792e785a (patch)
tree	7a8078368048359caa39fed2a1428f0b7d0d18c3 /libsandbox
parent	libsandbox: fix regression during merge of tracing code (diff)
download	sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.gz sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.tar.bz2 sandbox-9cad39b6609508b27b4e872bf24dcf79792e785a.zip