From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 6 Nov 2019 12:44:42 +0000 (-0500)
Subject: don't use dirname() or basename().  They are NOT safe.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8f8180df7a942280855c3298bf6f152071b6cc3;p=thirdparty%2Ffreeradius-server.git

don't use dirname() or basename().  They are NOT safe.
---

diff --git a/src/bin/unit_test_attribute.c b/src/bin/unit_test_attribute.c
index 56d012ea11b..d79f6762e40 100644
--- a/src/bin/unit_test_attribute.c
+++ b/src/bin/unit_test_attribute.c
@@ -2328,7 +2328,19 @@ int main(int argc, char *argv[])
 		int i;
 
 		for (i = 1; i < argc; i++) {
-			ret = process_file(&exit_now, autofree, features, dict, dirname(argv[i]), basename(argv[i]));
+			char *dir, *file;
+			char *p = strrchr(argv[i], '/');
+
+			if (p) {
+				*p = '\0'; /* we are allowed to modify our arguments.  No one cares. */
+				dir = argv[i];
+				file = p + 1;
+			} else {
+				dir = NULL;
+				file = argv[i];
+			}
+
+			ret = process_file(&exit_now, autofree, features, dict, dir, file);
 			if ((ret != 0) || exit_now) break;
 		}
 	}