summaryrefslogtreecommitdiffstats
path: root/chars.c
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@openbsd.org>2014-07-19 11:35:12 +0000
committerIngo Schwarze <schwarze@openbsd.org>2014-07-19 11:35:12 +0000
commita96928e9475061fac88468b762b3335bb8af06f2 (patch)
treefb4e77a526e6a9f2edf71c295c86ae2ad621afa8 /chars.c
parentd06d27331700307ee6ca6040c2bd638cafbeef2e (diff)
downloadmandoc-a96928e9475061fac88468b762b3335bb8af06f2.tar.gz
Security fix:
Validate the name of the file to show before opening it. Only allow relative filenames starting with "man" or "cat" and containing neither "/.." nor "../". While here, correct the condition discarding an initial "./". Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>. Many thanks for sending a patch; however, i did not use it but made the checks even stricter.
Diffstat (limited to 'chars.c')
0 files changed, 0 insertions, 0 deletions