[Slirp] [PATCH] slirp: tftp: restrict relative path access
P J P
ppandit at redhat.com
Mon Jan 13 11:46:40 UTC 2020
+-- On Sun, 12 Jan 2020, Samuel Thibault wrote --+
| Samuel Thibault, le dim. 12 janv. 2020 22:11:25 +0100, a ecrit:
| > For reference, could you include the following private launchpad issue?
| >
| > https://bugs.launchpad.net/qemu/+bug/1812451
|
| (I mean, include the URL in the commit log)
+-- On Sun, 12 Jan 2020, Samuel Thibault wrote --+
| > | Maybe:
| > | if (
| > | #if G_OS_WIN32
| > | strstr(req_fname, "..\\") ||
| > | req_fname[strlen(req_fname) - 1] == '\\' ||
| > | #endif
| > | strstr(req_fname, "../") ||
| > | req_fname[strlen(req_fname) - 1] == '/')
| > |
| > | although I'm not a fan of #if mid-expression.
| >
| > True, it'll be difficult to read/follow.
|
| I'd be fine with the snippet above.
Okay, will do both.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
More information about the Slirp
mailing list