mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-20 15:24:25 +00:00
In realpath(), make sure each path component consists only of safe
characters, and untaint it.
This commit is contained in:
parent
614232077b
commit
8b4c82b30e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=148513
|
@ -91,7 +91,9 @@ sub realpath($;$) {
|
|||
or die("unable to resolve symlink '$realpath/$part': $!\n");
|
||||
$realpath = realpath($target, $realpath);
|
||||
} else {
|
||||
$realpath .= "/$part";
|
||||
$part =~ m/^([\w.-]+)$/
|
||||
or die("unsafe path '$realpath/$part'\n");
|
||||
$realpath .= "/$1";
|
||||
}
|
||||
}
|
||||
return $realpath;
|
||||
|
|
Loading…
Reference in a new issue