daemon: sanitize all directory separators

author René Scharfe <l.s.r@web.de>

Thu, 25 Mar 2021 16:21:24 +0000 (17:21 +0100)

committer Junio C Hamano <gitster@pobox.com>

Sat, 27 Mar 2021 05:00:12 +0000 (22:00 -0700)
author René Scharfe <l.s.r@web.de>
Thu, 25 Mar 2021 16:21:24 +0000 (17:21 +0100)
committer Junio C Hamano <gitster@pobox.com>
Sat, 27 Mar 2021 05:00:12 +0000 (22:00 -0700)
diff --git a/daemon.c b/daemon.c

index 2ab7ea82eb0b4f7c62c553e1e65c16644983f7de..0561c19ee8b7b9046f44bb6c54a2c692fae83de9 100644 (file)
--- a/daemon.c
+++ b/daemon.c
@@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
  
  /*
   * Sanitize a string from the client so that it's OK to be inserted into a
- * filesystem path. Specifically, we disallow slashes, runs of "..", and
- * trailing and leading dots, which means that the client cannot escape
- * our base path via ".." traversal.
+ * filesystem path. Specifically, we disallow directory separators, runs
+ * of "..", and trailing and leading dots, which means that the client
+ * cannot escape our base path via ".." traversal.
   */
  static void sanitize_client(struct strbuf *out, const char *in)
  {
         for (; *in; in++) {
-               if (*in == '/')
+               if (is_dir_sep(*in))
                         continue;
                 if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
                         continue;
author	René Scharfe <l.s.r@web.de>
	Thu, 25 Mar 2021 16:21:24 +0000 (17:21 +0100)
committer	Junio C Hamano <gitster@pobox.com>
	Sat, 27 Mar 2021 05:00:12 +0000 (22:00 -0700)