src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of...

author Jeremy <jeremy@sturgix.com>

Tue, 1 Dec 2015 20:41:03 +0000 (15:41 -0500)

committer Nick Mathewson <nickm@torproject.org>

Tue, 16 Feb 2016 16:21:45 +0000 (11:21 -0500)
author Jeremy <jeremy@sturgix.com>
Tue, 1 Dec 2015 20:41:03 +0000 (15:41 -0500)
committer Nick Mathewson <nickm@torproject.org>
Tue, 16 Feb 2016 16:21:45 +0000 (11:21 -0500)
diff --git a/src/common/util.c b/src/common/util.c

index b33c80fd454728bdb1f0f0e137d2ad6630d7e2b5..e8044f9089f05e33ea9507c432d14db2b4b048c6 100644 (file)
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2873,6 +2873,9 @@ expand_filename(const char *filename)
  {
    tor_assert(filename);
  #ifdef _WIN32
+  /* Might consider using GetFullPathName() as described here:
+   * http://etutorials.org/Programming/secure+programming/Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/
+   */
    return tor_strdup(filename);
  #else
    if (*filename == '~') {
author	Jeremy <jeremy@sturgix.com>
	Tue, 1 Dec 2015 20:41:03 +0000 (15:41 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Tue, 16 Feb 2016 16:21:45 +0000 (11:21 -0500)