diff options
| author | wens <wens@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2006-12-28 10:41:36 +0800 |
|---|---|---|
| committer | wens <wens@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2006-12-28 10:41:36 +0800 |
| commit | 1890ffe3700b894e97681145d3618930b309d49a (patch) | |
| tree | 1f22361ccc901cfcbe799d30a78c0ea3e10bb59c /util | |
| parent | 6ee23c3429c4021ddaeb80be00be8b7517a02455 (diff) | |
| download | pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar.gz pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar.bz2 pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar.lz pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar.xz pttbbs-1890ffe3700b894e97681145d3618930b309d49a.tar.zst pttbbs-1890ffe3700b894e97681145d3618930b309d49a.zip | |
fix potential security hole
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3463 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
Diffstat (limited to 'util')
| -rw-r--r-- | util/wretch_man.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/util/wretch_man.c b/util/wretch_man.c index f5e1cfb4..39b91aba 100644 --- a/util/wretch_man.c +++ b/util/wretch_man.c @@ -48,6 +48,9 @@ int transman(char *fname, char *newpath) return -1; while (read(fd, &whdr, sizeof(whdr)) == sizeof(whdr)) { + if (strcmp(whdr.xname, "..") == 0 || strchr(whdr.xname, '/')) + continue; + if (!(whdr.xmode & 0xffff0000)) { /* article */ stampfile(newpath, &fhdr); |