merge

2013-10-03 17:31:55 +02:00 · 2013-10-03 17:31:55 +02:00 · 60e3d2782b
parent 225cc4af5c 7ad47f1083
commit 60e3d2782b
1 changed files with 3 additions and 1 deletions
--- a/sys/src/cmd/tapefs/tarfs.c
+++ b/sys/src/cmd/tapefs/tarfs.c
@ -144,10 +144,12 @@ populate(char *name)
 		}
 		f.mode &= DMDIR | 0777;

-		/* make file name safe and canonical */
+		/* make file name safe, canonical and free of . and .. */
 		while (fname[0] == '/')		/* don't allow absolute paths */
 			++fname;
 		cleanname(fname);
+		while (strncmp(fname, "../", 3) == 0)
+			fname += 3;

 		/* reject links */
 		linkflg = hp->linkflag == LF_SYMLINK1 ||