The following patch fixes all of the problems reported in the CERT advisory
forwarded by Elizabeth (except for the symlink-check business, which I'd fixed
already long ago). I did finally decide to do everything in no2slash(), for
the sake of simplicity...
*** util.c~ Fri Nov 3 14:07:10 1995
--- util.c Mon Nov 6 12:16:48 1995
***************
*** 217,229 ****
}
}
void no2slash(char *name) {
- register int x,y;
! for(x=0; name[x]; x++)
! if(x && (name[x-1] == '/') && (name[x] == '/'))
! for(y=x+1;name[y-1];y++)
! name[y-1] = name[y];
}
char *make_dirstr(pool *p, char *s, int n) {
--- 217,264 ----
}
}
+ static void strip_slash_segment(char *segment)
+ {
+ /* Delete any number of leading slashes or *single* '.'
+ * characters from seg...
+ */
+ char *endslashes = segment;
+
+ /* Find end of redundant segment delimeters */
+
+ while (*endslashes) {
+ if (endslashes[0] == '/') ++endslashes;
+ else if (endslashes[0] == '.' &&
+ (endslashes[1] == '/' || endslashes[1] == '\0'))
+ ++endslashes;
+ else break;
+ }
+
+ /* Check that copy below will do something --- don't bother if
+ * we have nothing to trim.
+ */
+
+ if (endslashes == segment) return;
+
+ /* Copy trailing string over them, including final NUL */
+
+ while (*endslashes) *segment++ = *endslashes++;
+ *segment = '\0';
+ }
+
void no2slash(char *name) {
! if (*name == '/') ++name;
!
! /* At top of this loop, name is past the next '/' character.
! * Strip away redundant delimeters afterwards, and repeat.
! */
!
! while (name && *name) {
! strip_slash_segment(name);
! name = strchr (name + 1, '/');
! if (name) ++ name;
! }
}
char *make_dirstr(pool *p, char *s, int n) {
forwarded by Elizabeth (except for the symlink-check business, which I'd fixed
already long ago). I did finally decide to do everything in no2slash(), for
the sake of simplicity...
*** util.c~ Fri Nov 3 14:07:10 1995
--- util.c Mon Nov 6 12:16:48 1995
***************
*** 217,229 ****
}
}
void no2slash(char *name) {
- register int x,y;
! for(x=0; name[x]; x++)
! if(x && (name[x-1] == '/') && (name[x] == '/'))
! for(y=x+1;name[y-1];y++)
! name[y-1] = name[y];
}
char *make_dirstr(pool *p, char *s, int n) {
--- 217,264 ----
}
}
+ static void strip_slash_segment(char *segment)
+ {
+ /* Delete any number of leading slashes or *single* '.'
+ * characters from seg...
+ */
+ char *endslashes = segment;
+
+ /* Find end of redundant segment delimeters */
+
+ while (*endslashes) {
+ if (endslashes[0] == '/') ++endslashes;
+ else if (endslashes[0] == '.' &&
+ (endslashes[1] == '/' || endslashes[1] == '\0'))
+ ++endslashes;
+ else break;
+ }
+
+ /* Check that copy below will do something --- don't bother if
+ * we have nothing to trim.
+ */
+
+ if (endslashes == segment) return;
+
+ /* Copy trailing string over them, including final NUL */
+
+ while (*endslashes) *segment++ = *endslashes++;
+ *segment = '\0';
+ }
+
void no2slash(char *name) {
! if (*name == '/') ++name;
!
! /* At top of this loop, name is past the next '/' character.
! * Strip away redundant delimeters afterwards, and repeat.
! */
!
! while (name && *name) {
! strip_slash_segment(name);
! name = strchr (name + 1, '/');
! if (name) ++ name;
! }
}
char *make_dirstr(pool *p, char *s, int n) {