bug-gv
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-gv] [PATCH] ignore resource and style files without absolute paths


From: Bernhard R. Link
Subject: [bug-gv] [PATCH] ignore resource and style files without absolute paths
Date: Thu, 28 Apr 2011 16:25:07 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

The current search path is current directory, home directory,
and then GV_LIBDIR (but no /) prepended.
As GV_LIBDIR without the slash cannot have worked for anyone
yet and looking into the current directory is quite some security
risk (in case anyone actually used that option), reject filenames
not being absolute.

---
 src/resource.c |   33 +++++++--------------------------
 1 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/src/resource.c b/src/resource.c
index c50e83a..5c611a2 100644
--- a/src/resource.c
+++ b/src/resource.c
@@ -865,7 +865,6 @@ static char* resource_mergeFileIntoDatabase(dbP,name)
      char *name;
 {
   char tmp[GV_MAX_FILENAME_LENGTH];
-  int useful=0;
 
   BEGINMESSAGE(resource_mergeFileIntoDatabase)
 
@@ -877,36 +876,18 @@ static char* resource_mergeFileIntoDatabase(dbP,name)
   strcpy(tmp,name);
   file_translateTildeInPath(tmp);
 
-  if (file_fileIsNotUseful(tmp)) {
+  if (tmp[0] != '/') {
+    fprintf(stderr, "Ignoring resource file '%s'='%s' as no absolute path!\n",
+                   name, tmp);
+    name = NULL;
+  } else if (file_fileIsNotUseful(tmp)) {
     INFSMESSAGE(not useful,tmp)
-      if (name != file_locateFilename(name)) useful=-1;
-      else {
-
-       sprintf(tmp,"~/%s",name);
-       file_translateTildeInPath(tmp);
-
-      }
-  } else useful=1;
-
-  if (!useful) {
-
-    if (!useful && file_fileIsNotUseful(tmp)) {
-      INFSMESSAGE(not useful,tmp)
-       sprintf(tmp,"%s%s",GV_LIBDIR,name);
-    } else useful=1;
-
-    if (!useful && file_fileIsNotUseful(tmp)) {
-      INFSMESSAGE(not useful,tmp)
-       INFMESSAGE(giving up)
-       } else useful=1;
-  }
-
-  if (useful==1) {
+    name = NULL;
+  } else {
     INFSMESSAGE(merging,tmp)
       XrmCombineFileDatabase(tmp,dbP,True);
     name = XtNewString(tmp);
   }
-  else name=NULL;
   ENDMESSAGE(resource_mergeFileIntoDatabase)
     return(name);
 }
-- 
1.5.6.5


        Bernhard R. Link



reply via email to

[Prev in Thread] Current Thread [Next in Thread]