Catch access to paths that are just "." or ".." without any path separator.
authorRyan C. Gordon <icculus@icculus.org>
Thu, 26 Oct 2017 14:37:16 -0400
changeset 1625 b6d25a1927c2
parent 1620 f3459eaad51b
child 1628 7e4d4c55e9f9
Catch access to paths that are just "." or ".." without any path separator.
src/physfs.c
--- a/src/physfs.c	Thu Oct 26 14:21:36 2017 -0400
+++ b/src/physfs.c	Thu Oct 26 14:37:16 2017 -0400
@@ -939,6 +939,10 @@
     while (*src == '/')  /* skip initial '/' chars... */
         src++;
 
+    /* Make sure the entire string isn't "." or ".." */
+    if ((strcmp(src, ".") == 0) || (strcmp(src, "..") == 0))
+        BAIL(PHYSFS_ERR_BAD_FILENAME, 0);
+
     prev = dst;
     do
     {