diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.27 2001/07/11 18:26:15 markus Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.28 2001/10/03 10:01:20 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -363,7 +363,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
363 | char *err, size_t errlen) | 363 | char *err, size_t errlen) |
364 | { | 364 | { |
365 | uid_t uid = pw->pw_uid; | 365 | uid_t uid = pw->pw_uid; |
366 | char buf[MAXPATHLEN]; | 366 | char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
367 | char *cp; | 367 | char *cp; |
368 | struct stat st; | 368 | struct stat st; |
369 | 369 | ||
@@ -372,6 +372,11 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
372 | strerror(errno)); | 372 | strerror(errno)); |
373 | return -1; | 373 | return -1; |
374 | } | 374 | } |
375 | if (realpath(pw->pw_dir, homedir) == NULL) { | ||
376 | snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, | ||
377 | strerror(errno)); | ||
378 | return -1; | ||
379 | } | ||
375 | 380 | ||
376 | /* check the open file to avoid races */ | 381 | /* check the open file to avoid races */ |
377 | if (fstat(fileno(f), &st) < 0 || | 382 | if (fstat(fileno(f), &st) < 0 || |
@@ -400,7 +405,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
400 | } | 405 | } |
401 | 406 | ||
402 | /* If are passed the homedir then we can stop */ | 407 | /* If are passed the homedir then we can stop */ |
403 | if (strcmp(pw->pw_dir, buf) == 0) { | 408 | if (strcmp(homedir, buf) == 0) { |
404 | debug3("secure_filename: terminating check at '%s'", | 409 | debug3("secure_filename: terminating check at '%s'", |
405 | buf); | 410 | buf); |
406 | break; | 411 | break; |