util: be a bit safer in path_is_safe()
We should be more strict when verifying paths with path_is_safe() for potentially dangerous constructs, and that includes lengths of PATH_MAX-1 and larger. Be more accurate here.
This commit is contained in:
parent
e66e5b612a
commit
6442185ab6
|
@ -3917,7 +3917,7 @@ bool path_is_safe(const char *p) {
|
|||
if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
|
||||
return false;
|
||||
|
||||
if (strlen(p) > PATH_MAX)
|
||||
if (strlen(p)+1 > PATH_MAX)
|
||||
return false;
|
||||
|
||||
/* The following two checks are not really dangerous, but hey, they still are confusing */
|
||||
|
|
Loading…
Reference in New Issue