author | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-19 11:35:12 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-19 11:35:12 +0000 |
commit | 52307465eda0160606943b97a728c54484b26fd7 (patch) | |
tree | ddc206065fec999715195d40c22fe7c288de3e94 /term.c | |
parent | 6d9b8bc9ac9935024b9c1b5d06d4f294d7fce3d1 (diff) | |

Security fix:
Validate the name of the file to show before opening it.
Only allow relative filenames starting with "man" or "cat"
and containing neither "/.." nor "../".
While here, correct the condition discarding an initial "./".
Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Many thanks for sending a patch; however, I did not use it but made the
checks even stricter.
Diffstat (limited to 'term.c')
0 files changed, 0 insertions, 0 deletions
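
The rule stated in the commit message, written out as an added example (this is not mandoc's code; the diff for this commit is not shown on the page). The function name `validate_show_name` and the handling of a single leading "./" are assumptions made for illustration; the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not taken from mandoc: return 1 if `name` passes
 * the rule from the commit message, 0 otherwise.
 */
int
validate_show_name(const char *name)
{
	if (name == NULL)
		return 0;

	/* Assumption: discard exactly one initial "./" before checking. */
	if (strncmp(name, "./", 2) == 0)
		name += 2;

	/*
	 * Must start with "man" or "cat". This also rejects the empty
	 * string and absolute paths, since those start with '\0' or '/'.
	 */
	if (strncmp(name, "man", 3) != 0 && strncmp(name, "cat", 3) != 0)
		return 0;

	/*
	 * Substring tests rather than per-component tests: stricter than
	 * needed (a file called "..hidden.1" is refused too), but there
	 * is no way to spell a parent-directory step that slips through.
	 */
	if (strstr(name, "/..") != NULL || strstr(name, "../") != NULL)
		return 0;

	return 1;
}

int
main(void)
{
	/* Constructed sample inputs. */
	static const char *const samples[] = {
		"man1/ls.1", "./cat8/mount.0", "/etc/passwd", "../man1/ls.1",
		"man1/../../etc/passwd", "man../../etc/passwd", "man1/..hidden.1"
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-24s %s\n", samples[i],
		    validate_show_name(samples[i]) ? "accept" : "reject");
	return 0;
}
```

The check is purely lexical: it constrains the string handed to the open call and does not resolve symbolic links inside the manual tree.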