summary refs log tree commit diff
diff options
context:
space:
mode:
authorBarton E. Schaefer <schaefer@zsh.org>2015-09-19 23:03:39 -0700
committerBarton E. Schaefer <schaefer@zsh.org>2015-09-19 23:03:39 -0700
commit4375d7b905dca266c3a14bf603a908eb7c3dfbf2 (patch)
tree32f8457b5a3b626c039152f417e9bd2a91e710f0
parentdf0d86b847fbf5bd1ad383531cd52b261dc07717 (diff)
downloadzsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.tar.gz
zsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.tar.xz
zsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.zip
36562: sanitize $PWD on import, per POSIX
-rw-r--r--ChangeLog4
-rw-r--r--Src/utils.c20
2 files changed, 21 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index bb03894a0..6d99ccd81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-09-19  Barton E. Schaefer  <schaefer@zsh.org>
+
+	* 36562: Src/utils.c: sanitize $PWD on import, per POSIX
+
 2015-09-19  Peter Stephenson  <p.w.stephenson@ntlworld.com>
 
 	* 36559: Src/pattern.c: test earlier for overflow in pattern
diff --git a/Src/utils.c b/Src/utils.c
index 1de3d9578..ab3b0c274 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -692,9 +692,23 @@ ispwd(char *s)
 {
     struct stat sbuf, tbuf;
 
-    if (stat(unmeta(s), &sbuf) == 0 && stat(".", &tbuf) == 0)
-	if (sbuf.st_dev == tbuf.st_dev && sbuf.st_ino == tbuf.st_ino)
-	    return 1;
+    /* POSIX: environment PWD must be absolute */
+    if (*s != '/')
+	return 0;
+
+    if (stat((s = unmeta(s)), &sbuf) == 0 && stat(".", &tbuf) == 0)
+	if (sbuf.st_dev == tbuf.st_dev && sbuf.st_ino == tbuf.st_ino) {
+	    /* POSIX: No element of $PWD may be "." or ".." */
+	    while (*s) {
+		if (s[0] == '.' &&
+		    (!s[1] || s[1] == '/' ||
+		     (s[1] == '.' && (!s[2] || s[2] == '/'))))
+		    break;
+		while (*s++ != '/' && *s)
+		    continue;
+	    }
+	    return !*s;
+	}
     return 0;
 }