Sanitize leading dots from log path components - catgirl

diff options

author	June McEnroe <june@causal.agency>	2022-04-20 18:29:28 -0400
committer	June McEnroe <june@causal.agency>	2022-04-20 18:29:28 -0400
commit	1b8be724bc5f3cc18da770e01174719ec4890791 (patch)
tree	79cbb0ba57f3bf265c587089aca902f786e73639 /chat.c
parent	Add screenshot to README (diff)
download	catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.tar.gz catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.zip

Sanitize leading dots from log path components

Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.

Also check that the full path actually fits in the buffer.

Reported-by: Samanta Navarro <ferivoz@riseup.net>

Diffstat (limited to 'chat.c')

0 files changed, 0 insertions, 0 deletions

7ab4af41b0bef3203f06962f35d3e2ecabdff1&follow=1'>Only use cells for moveColumnJune McEnroe So long as the move queuer doesn't use empty tableau stacks correctly, it shouldn't use them at all. This way it's easier to do the correct moves manually. 2022-01-19Add SDL2Config.cmake workarounds for MinGW compilerWilliam D. Jones 2022-01-19Only require CJune McEnroe 2022-01-19Only require CJune McEnroe 2022-01-19Add basic installJune McEnroe 2022-01-19Use cards with add_subdirectoryJune McEnroe 2022-01-19Replace build system with cmakeJune McEnroe 2022-01-19Replace build system with cmakeJune McEnroe Thanks to cr1901 for helping to test this on Windows. 2020-03-31Allow choosing freecell game on command lineJune McEnroe 2020-01-27Remove cards submoduleJune McEnroe 2019-12-19Remove READMEJune McEnroe 2019-12-16Update submodule URLJune McEnroe 2019-12-15Use symlink for README.3June McEnroe 2019-08-27Show game number in titleJune McEnroe 2019-08-27Replicate the FreeCell LCG and deal algorithmJune McEnroe 2019-08-26Move as deep a stack as possible to empty columnsJune McEnroe 2019-08-26Simplify card and stack function namesJune McEnroe 2019-08-26Clean up namingJune McEnroe 2019-08-25Rewrite FreeCellJune McEnroe With move sequencing! 2019-08-25Build with cards submoduleJune McEnroe 2019-08-25Add cards submoduleJune McEnroe 2019-08-25Remove files from cards repoJune McEnroe 2019-08-22Add READMEJune McEnroe 2019-08-22Add exampleJune McEnroe 2019-08-22Add FILES sectionJune McEnroe 2019-08-22Remove gamesJune McEnroe 2019-04-04Mark card functions inlineJune McEnroe 2019-04-04Add listClearJune McEnroe 2019-04-03Tweak mouseButtonUp code a bitJune McEnroe It's still kind of confusing. 2019-04-03Check gameAvail on double-clickJune McEnroe 2019-04-02Select and move cards on mouse upJune McEnroe 2019-04-01Add idSkipJune McEnroe In Windows 95 FREECELL.EXE, the resource IDs are changed to 403, 404 and 405. For some reason. 2019-03-31Fix weird typoJune McEnroe What the hell. 2019-03-30Add undo to freecellJune McEnroe 2019-03-29Replace path.h with asset.hJune McEnroe 2019-03-29Add king win faceJune McEnroe 2019-03-29Change king face directionJune McEnroe 2019-03-29Load king bitmaps in freecellJune McEnroe


context:
space:
mode: