Attachment #25394 for bug #62537

View | Details | Raw Unified | Return to bug 62537
Collapse All | Expand All




      else if (lower)      c = (unsigned char) tolower((int) c);
    } while ((*p++ = c));
  }

  /* search for "../" in cab filename part and change to "xx/".  This
   * prevents any unintended directory traversal. */
  for (p = &name[dir ? strlen(dir)+1 : 0]; *p; p++) {
    if ((p[0] == '.') && (p[1] == '.') && (p[2] == '/')) {
      p[0] = p[1] = 'x';
      p += 2;
    }
  }

  return (char *) name;
}


Return to bug 62537

Lines 727-732 Link Here

(-)../cabextract-1.0/src/cabextract.c (+10 lines)
727	else if (lower) c = (unsigned char) tolower((int) c);	752	else if (lower) c = (unsigned char) tolower((int) c);
728	} while ((*p++ = c));	753	} while ((*p++ = c));
729	}	754	}
		755
		756	/* search for "../" in cab filename part and change to "xx/". This
		757	* prevents any unintended directory traversal. */
		758	for (p = &name[dir ? strlen(dir)+1 : 0]; *p; p++) {
		759	if ((p[0] == '.') && (p[1] == '.') && (p[2] == '/')) {
		760	p[0] = p[1] = 'x';
		761	p += 2;
		762	}
		763	}
		764
730	return (char *) name;	765	return (char *) name;
731	}	766	}
732		767