Sanitize leading dots from log path components - catgirl

diff options

author	June McEnroe <june@causal.agency>	2022-04-20 18:29:28 -0400
committer	June McEnroe <june@causal.agency>	2022-04-20 18:29:28 -0400
commit	1b8be724bc5f3cc18da770e01174719ec4890791 (patch)
tree	79cbb0ba57f3bf265c587089aca902f786e73639 /ui.c
parent	Add screenshot to README (diff)
download	catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.tar.gz catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.zip

Sanitize leading dots from log path components

Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.

Also check that the full path actually fits in the buffer.

Reported-by: Samanta Navarro <ferivoz@riseup.net>

Diffstat (limited to 'ui.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: