[Slirp] [PATCH] slirp: tftp: restrict relative path access

P J P ppandit at redhat.com
Mon Jan 13 11:46:40 UTC 2020


+-- On Sun, 12 Jan 2020, Samuel Thibault wrote --+
| Samuel Thibault, le dim. 12 janv. 2020 22:11:25 +0100, a ecrit:
| > For reference, could you include the following private launchpad issue?
| > 
| > https://bugs.launchpad.net/qemu/+bug/1812451
| 
| (I mean, include the URL in the commit log)

+-- On Sun, 12 Jan 2020, Samuel Thibault wrote --+
| > | Maybe:
| > | if (
| > | #if G_OS_WIN32
| > |     strstr(req_fname, "..\\") ||
| > |     req_fname[strlen(req_fname) - 1] == '\\' ||
| > | #endif
| > |     strstr(req_fname, "../") ||
| > |     req_fname[strlen(req_fname) - 1] == '/')
| > | 
| > | although I'm not a fan of #if mid-expression.
| > 
| >   True, it'll be difficult to read/follow.
| 
| I'd be fine with the snippet above.

Okay, will do both.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D



More information about the Slirp mailing list