From 179bd1d40a0abbb2d3ae8931ebe861829fad3fb6 Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Thu, 26 Oct 2017 14:37:16 -0400
Subject: [PATCH] Catch access to paths that are just "." or ".." without any
 path separator. (transplanted from b6d25a1927c2274cf31166a74b87b24e2752e0e8)

---
 src/physfs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/physfs.c b/src/physfs.c
index 3a166268..19148ad5 100644
--- a/src/physfs.c
+++ b/src/physfs.c
@@ -939,6 +939,10 @@ static int sanitizePlatformIndependentPath(const char *src, char *dst)
     while (*src == '/')  /* skip initial '/' chars... */
         src++;
 
+    /* Make sure the entire string isn't "." or ".." */
+    if ((strcmp(src, ".") == 0) || (strcmp(src, "..") == 0))
+        BAIL(PHYSFS_ERR_BAD_FILENAME, 0);
+
     prev = dst;
     do
     {