privsep: Avoid the /proc/../ escape

author Roy Marples <roy@marples.name>

Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)

committer Roy Marples <roy@marples.name>

Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)
author Roy Marples <roy@marples.name>
Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)
committer Roy Marples <roy@marples.name>
Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)
diff --git a/src/privsep-root.c b/src/privsep-root.c

index cba469db9f86fa05545cbc933051e020bdbf330a..5884357af8e6007503ffb0839becfb04a3c35904 100644 (file)
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -288,6 +288,11 @@ static bool
  ps_root_validpath(const struct dhcpcd_ctx *ctx, uint16_t cmd, const char *path)
  {
  
+       /* Avoid a previous directory attack to avoid /proc/../
+        * dhcpcd should never use a path with double dots. */
+       if (strstr(path, "..") != NULL)
+               return false;
+
         if (cmd == PS_READFILE) {
                 if (strcmp(ctx->cffile, path) == 0)
                         return true;
author	Roy Marples <roy@marples.name>
	Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)
committer	Roy Marples <roy@marples.name>
	Sun, 24 May 2020 13:49:41 +0000 (14:49 +0100)