summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:30:53 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:30:53 +0000
commit95148e3de293052afa4cc7708bc1547c697903cc (patch)
treee57e64ddd5813b7e5ec6979b5aec0529eab77274
parentae996bf7d1967c83a0e0d71e9e89fa9a27d839f9 (diff)
- jakob@cvs.openbsd.org 2001/07/31 12:42:50
[sftp-int.c sftp-server.c] avoid paths beginning with "//"; <vinschen@redhat.com> ok markus@
-rw-r--r--ChangeLog6
-rw-r--r--sftp-int.c5
-rw-r--r--sftp-server.c6
3 files changed, 11 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index c44eb959a..0a66f6c9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,6 +80,10 @@
80 add 'SmartcardDevice' client option to specify which smartcard device 80 add 'SmartcardDevice' client option to specify which smartcard device
81 is used to access a smartcard used for storing the user's private RSA 81 is used to access a smartcard used for storing the user's private RSA
82 key. ok markus@. 82 key. ok markus@.
83 - jakob@cvs.openbsd.org 2001/07/31 12:42:50
84 [sftp-int.c sftp-server.c]
85 avoid paths beginning with "//"; <vinschen@redhat.com>
86 ok markus@
83 87
8420010803 8820010803
85 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on 89 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6190,4 +6194,4 @@
6190 - Wrote replacements for strlcpy and mkdtemp 6194 - Wrote replacements for strlcpy and mkdtemp
6191 - Released 1.0pre1 6195 - Released 1.0pre1
6192 6196
6193$Id: ChangeLog,v 1.1446 2001/08/06 21:27:53 mouring Exp $ 6197$Id: ChangeLog,v 1.1447 2001/08/06 21:30:53 mouring Exp $
diff --git a/sftp-int.c b/sftp-int.c
index 573fea1df..0851e63a2 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -26,7 +26,7 @@
26/* XXX: recursive operations */ 26/* XXX: recursive operations */
27 27
28#include "includes.h" 28#include "includes.h"
29RCSID("$OpenBSD: sftp-int.c,v 1.38 2001/07/09 07:04:53 deraadt Exp $"); 29RCSID("$OpenBSD: sftp-int.c,v 1.39 2001/07/31 12:42:50 jakob Exp $");
30 30
31#include "buffer.h" 31#include "buffer.h"
32#include "xmalloc.h" 32#include "xmalloc.h"
@@ -204,7 +204,8 @@ path_append(char *p1, char *p2)
204 204
205 ret = xmalloc(len); 205 ret = xmalloc(len);
206 strlcpy(ret, p1, len); 206 strlcpy(ret, p1, len);
207 strlcat(ret, "/", len); 207 if (strcmp(p1, "/") != 0)
208 strlcat(ret, "/", len);
208 strlcat(ret, p2, len); 209 strlcat(ret, p2, len);
209 210
210 return(ret); 211 return(ret);
diff --git a/sftp-server.c b/sftp-server.c
index 5f1b37b01..2ef9753bf 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: sftp-server.c,v 1.29 2001/06/25 08:25:40 markus Exp $"); 25RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "bufaux.h" 28#include "bufaux.h"
@@ -756,8 +756,8 @@ process_readdir(void)
756 stats = xrealloc(stats, nstats * sizeof(Stat)); 756 stats = xrealloc(stats, nstats * sizeof(Stat));
757 } 757 }
758/* XXX OVERFLOW ? */ 758/* XXX OVERFLOW ? */
759 snprintf(pathname, sizeof pathname, 759 snprintf(pathname, sizeof pathname, "%s%s%s", path,
760 "%s/%s", path, dp->d_name); 760 strcmp(path, "/") ? "/" : "", dp->d_name);
761 if (lstat(pathname, &st) < 0) 761 if (lstat(pathname, &st) < 0)
762 continue; 762 continue;
763 stat_to_attrib(&st, &(stats[count].attrib)); 763 stat_to_attrib(&st, &(stats[count].attrib));