Catch access to paths that are just "." or ".." without any path separator. stable-3.0
authorRyan C. Gordon <icculus@icculus.org>
Thu, 26 Oct 2017 14:37:16 -0400
branchstable-3.0
changeset 1626 79692f33ebf0
parent 1624 e6921cdff303
child 1627 fa8e38bcc354
Catch access to paths that are just "." or ".." without any path separator.
(transplanted from b6d25a1927c2274cf31166a74b87b24e2752e0e8)
src/physfs.c
--- a/src/physfs.c	Thu Oct 26 14:21:36 2017 -0400
+++ b/src/physfs.c	Thu Oct 26 14:37:16 2017 -0400
@@ -939,6 +939,10 @@
     while (*src == '/')  /* skip initial '/' chars... */
         src++;
 
+    /* Make sure the entire string isn't "." or ".." */
+    if ((strcmp(src, ".") == 0) || (strcmp(src, "..") == 0))
+        BAIL(PHYSFS_ERR_BAD_FILENAME, 0);
+
     prev = dst;
     do
     {