From: Lennart Poettering Date: Thu, 30 Apr 2015 17:44:10 +0000 (+0200) Subject: util: be a bit safer in path_is_safe() X-Git-Tag: v220~213 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6442185ab674cc202d63c18605057b9a51ca2722;p=thirdparty%2Fsystemd.git util: be a bit safer in path_is_safe() We should be more strict when verifying paths with path_is_safe() for potentially dangerous constructs, and that includes lengths of PATH_MAX-1 and larger. Be more accurate here. --- diff --git a/src/shared/util.c b/src/shared/util.c index 2c7254eedac..d9bd34b3b64 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -3917,7 +3917,7 @@ bool path_is_safe(const char *p) { if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../")) return false; - if (strlen(p) > PATH_MAX) + if (strlen(p)+1 > PATH_MAX) return false; /* The following two checks are not really dangerous, but hey, they still are confusing */
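Review bot: the changed length check in path_is_safe(), `strlen(p)+1 > PATH_MAX`, still accepts a string of exactly PATH_MAX-1 characters, while the commit message says lengths of "PATH_MAX-1 and larger" should be treated as unsafe. The condition is equivalent to `strlen(p) >= PATH_MAX`, so the first rejected length is PATH_MAX, not PATH_MAX-1. If the intent is that the string plus its terminating NUL must fit in PATH_MAX bytes, the code is fine and the message should read "PATH_MAX and larger". If PATH_MAX-1 is really meant to be refused, the comparison needs to be `strlen(p)+1 >= PATH_MAX`. Either way, a one-line comment above the check stating that the +1 accounts for the trailing NUL would keep the off-by-one from being reintroduced later. Writing the test as `strlen(p) >= PATH_MAX` would say the same thing without the arithmetic.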