[GNUnet-SVN] r2359 - gnunet-gtk/src/plugins/fs

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r2359 - gnunet-gtk/src/plugins/fs

From:	durner
Subject:	[GNUnet-SVN] r2359 - gnunet-gtk/src/plugins/fs
Date:	Tue, 20 Dec 2005 12:22:36 -0800 (PST)

Author: durner
Date: 2005-12-20 12:21:32 -0800 (Tue, 20 Dec 2005)
New Revision: 2359

Modified:
   gnunet-gtk/src/plugins/fs/download.c
Log:
avoid directory traversal

Modified: gnunet-gtk/src/plugins/fs/download.c
===================================================================
--- gnunet-gtk/src/plugins/fs/download.c        2005-12-20 19:41:43 UTC (rev 
2358)
+++ gnunet-gtk/src/plugins/fs/download.c        2005-12-20 20:21:32 UTC (rev 
2359)
@@ -420,6 +420,7 @@
   GtkTreePath * path;
   struct ECRS_URI * u;
   char *dirPath;
+  char *dotdot;
 
   pos = head;
   while (pos != NULL) {
@@ -527,6 +528,12 @@
         }
         fnURL[len] = 0;
         
+        /* avoid directory traversal */
+        while(dotdot = strstr("../")) {
+          dotdot[0] = '_';
+          dotdot[1] = '_';
+        }
+        
         /* If the file was downloaded before, fnURL is a symlink to
            dstFile */
         if ((READLINK(fnURL, dummy, 1) == -1) && (errno == EINVAL)) {

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r2359 - gnunet-gtk/src/plugins/fs, durner <=

Prev by Date: [GNUnet-SVN] r2358 - gnunet-gtk/src/plugins/fs
Next by Date: [GNUnet-SVN] r2360 - gnunet-gtk/src/plugins/fs
Previous by thread: [GNUnet-SVN] r2358 - gnunet-gtk/src/plugins/fs
Next by thread: [GNUnet-SVN] r2360 - gnunet-gtk/src/plugins/fs
Index(es):
- Date
- Thread