
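--- a/src/client.c
+++ b/src/client.c
@@ -1045,6 +1045,19 @@ call_in_directory (pathname, func, data)
     int reposdirname_absolute;
     int newdir = 0;
 
+    /* For security reasons, if PATHNAME is absolute or attemps to ascend
+     * outside of the current sanbbox, we abort.  The server should not send us
+     * anything but relative paths which remain inside the sandbox here.
+     * Anything less means a trojan CVS server could create and edit arbitrary
+     * files on the client.
+     */
+    if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+    {
+	error (0, 0,
+               "Server attempted to update a file via an invalid pathname:");
+        error (1, 0, "`%s'.", pathname);
+    }
+
     reposname = NULL;
     read_line (&reposname);
     assert (reposname != NULL);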
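Review bot: The new guard in call_in_directory judges pathname only by its string form (`isabsolute (pathname) || pathname_levels (pathname) > 0`), so a relative path that passes through a symlink already present in the working directory would presumably still be accepted. pathname_levels is not visible here, so that limit is worth confirming and recording in the comment, e.g. `Note: this is a lexical check; symlinks below the sandbox root are not resolved here.` The same comment has two typos, `attemps` and `sanbbox`, which should read `attempts` and `sandbox`. The first `error` line is indented with a tab while the rest of the block uses spaces, and the two `error` calls could be a single fatal call so the message and the offending path stay on one log line. The function starts and ends outside this hunk.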
