From 1890ffe3700b894e97681145d3618930b309d49a Mon Sep 17 00:00:00 2001
From: wens <wens@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Thu, 28 Dec 2006 02:41:36 +0000
Subject: fix potential security hole

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3463 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 util/wretch_man.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'util/wretch_man.c')

diff --git a/util/wretch_man.c b/util/wretch_man.c
index f5e1cfb4..39b91aba 100644
--- a/util/wretch_man.c
+++ b/util/wretch_man.c
@@ -48,6 +48,9 @@ int transman(char *fname, char *newpath)
 	return -1;
 
     while (read(fd, &whdr, sizeof(whdr)) == sizeof(whdr)) {
+	if (strcmp(whdr.xname, "..") == 0 || strchr(whdr.xname, '/'))
+	    continue;
+
 	if (!(whdr.xmode & 0xffff0000)) {
 	    /* article */
 	    stampfile(newpath, &fhdr);
-- 
cgit v1.2.3