From: Jeremy <jeremy@sturgix.com>
Date: Tue, 1 Dec 2015 20:41:03 +0000 (-0500)
Subject: src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of... 
X-Git-Tag: tor-0.2.8.2-alpha~119^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e19133dccfc4d252e9ed2695f6fe49bb4503ac8;p=thirdparty%2Ftor.git

src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of input validation on the filename argument.
---

diff --git a/src/common/util.c b/src/common/util.c
index b33c80fd45..e8044f9089 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2873,6 +2873,9 @@ expand_filename(const char *filename)
 {
   tor_assert(filename);
 #ifdef _WIN32
+  /* Might consider using GetFullPathName() as described here:
+   * http://etutorials.org/Programming/secure+programming/Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/
+   */
   return tor_strdup(filename);
 #else
   if (*filename == '~') {