diff options
author | Barton E. Schaefer <schaefer@zsh.org> | 2015-09-19 23:03:39 -0700 |
---|---|---|
committer | Barton E. Schaefer <schaefer@zsh.org> | 2015-09-19 23:03:39 -0700 |
commit | 4375d7b905dca266c3a14bf603a908eb7c3dfbf2 (patch) | |
tree | 32f8457b5a3b626c039152f417e9bd2a91e710f0 /Src | |
parent | df0d86b847fbf5bd1ad383531cd52b261dc07717 (diff) | |
download | zsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.tar.gz zsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.tar.xz zsh-4375d7b905dca266c3a14bf603a908eb7c3dfbf2.zip |
36562: sanitize $PWD on import, per POSIX
Diffstat (limited to 'Src')
-rw-r--r-- | Src/utils.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/Src/utils.c b/Src/utils.c index 1de3d9578..ab3b0c274 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -692,9 +692,23 @@ ispwd(char *s) { struct stat sbuf, tbuf; - if (stat(unmeta(s), &sbuf) == 0 && stat(".", &tbuf) == 0) - if (sbuf.st_dev == tbuf.st_dev && sbuf.st_ino == tbuf.st_ino) - return 1; + /* POSIX: environment PWD must be absolute */ + if (*s != '/') + return 0; + + if (stat((s = unmeta(s)), &sbuf) == 0 && stat(".", &tbuf) == 0) + if (sbuf.st_dev == tbuf.st_dev && sbuf.st_ino == tbuf.st_ino) { + /* POSIX: No element of $PWD may be "." or ".." */ + while (*s) { + if (s[0] == '.' && + (!s[1] || s[1] == '/' || + (s[1] == '.' && (!s[2] || s[2] == '/')))) + break; + while (*s++ != '/' && *s) + continue; + } + return !*s; + } return 0; } |