From 4e596404535f7a53e46403be039c16a5d05649b5 Mon Sep 17 00:00:00 2001
From: Roy Marples
Date: Sun, 24 May 2020 14:49:41 +0100
Subject: [PATCH] privsep: Avoid the /proc/../ escape
---
 src/privsep-root.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/privsep-root.c b/src/privsep-root.c
index cba469db..5884357a 100644
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -288,6 +288,11 @@ static bool
 ps_root_validpath(const struct dhcpcd_ctx *ctx, uint16_t cmd, const char *path)
 {
+ /* Avoid a previous directory attack to avoid /proc/../
+ * dhcpcd should never use a path with double dots. */
+ if (strstr(path, "..") != NULL)
+ return false;
+
 if (cmd == PS_READFILE) {
 if (strcmp(ctx->cffile, path) == 0)
 return true;
--
2.47.3
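Review bot: The new `strstr(path, "..")` guard in ps_root_validpath rejects silently, so a request that trips it leaves no trace; since the comment says dhcpcd never builds such a path itself, a hit suggests a misbehaving or compromised unprivileged process and is worth logging before `return false;` with whatever logger this file already uses. The match is purely lexical: it also refuses harmless names such as `a..b`, which is fine as a fail-closed choice, but it does not account for symlinks, so the checks that follow (only the `ctx->cffile` comparison is visible here) still have to cover that case. The comment is hard to parse; I would reword it to `/* Reject any path containing ".." so a request cannot climb out of an allowed prefix such as /proc/. Lexical check only; dhcpcd never uses such paths itself. */`. The function body continues past the end of the hunk.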