author: June McEnroe <june@causal.agency> 2022-04-20 18:29:28 -0400
committer: June McEnroe <june@causal.agency> 2022-04-20 18:29:28 -0400
commit: 1b8be724bc5f3cc18da770e01174719ec4890791 (patch)
tree: 79cbb0ba57f3bf265c587089aca902f786e73639 /compat_readpassphrase.c
parent: Add screenshot to README (diff)

Sanitize leading dots from log path components

Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.

Also check that the full path actually fits in the buffer.

Reported-by: Samanta Navarro <ferivoz@riseup.net>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
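
The two checks named in the commit message, sketched as an added example that is not catgirl's own code: server-controlled components are neutralized before they are joined into a log path, and a path that would not fit the buffer is rejected instead of being used truncated. The function names, the `_` replacement character, the `<base>/<network>/<target>/<date>.log` layout and the sample inputs are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Neutralize one server-controlled path component in place.
 * Every '/' and every leading '.' becomes '_' (the replacement character
 * is this example's assumption). Once no '/' remains, the component is a
 * single path segment, so only "." and ".." can traverse, and both start
 * with a dot. */
void sanitize_component(char *name) {
	char *p = name;
	while (*p == '.') *p++ = '_';
	for (; *p; ++p) {
		if (*p == '/') *p = '_';
	}
}

/* Build "<base>/<network>/<target>/<date>.log" in buf.
 * base and date are assumed to be locally chosen, not server input.
 * Returns 0 on success, -1 if a component is empty or too long, or if
 * the full path does not fit in buf. */
int log_path(char *buf, size_t cap, const char *base,
             const char *network, const char *target, const char *date) {
	char net[256], tgt[256];
	if (!*network || !*target) return -1;
	if (strlen(network) >= sizeof(net)) return -1;
	if (strlen(target) >= sizeof(tgt)) return -1;
	strcpy(net, network);
	strcpy(tgt, target);
	sanitize_component(net);
	sanitize_component(tgt);
	int n = snprintf(buf, cap, "%s/%s/%s/%s.log", base, net, tgt, date);
	if (n < 0 || (size_t)n >= cap) return -1; /* truncated: refuse to use it */
	return 0;
}

int main(void) {
	/* Constructed hostile network and channel names. */
	char path[64];
	if (log_path(path, sizeof(path), "logs", "../../etc", "..", "2022-04-20") == 0)
		puts(path);
	return 0;
}
```

Checking the `snprintf` return value matters because a silently truncated path still names a file, just not the intended one.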