util: be a bit safer in path_is_safe()

We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
Lennart Poettering 2015-04-30 19:44:10 +02:00
parent e66e5b612a
commit 6442185ab6
1 changed files with 1 additions and 1 deletions

@ -3917,7 +3917,7 @@ bool path_is_safe(const char *p) {
if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
return false;
if (strlen(p) > PATH_MAX)
if (strlen(p)+1 > PATH_MAX)
return false;
/* The following two checks are not really dangerous, but hey, they still are confusing */
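
Review bot: The new condition `strlen(p)+1 > PATH_MAX` still accepts a path whose strlen() is exactly PATH_MAX-1, while the commit message names lengths of PATH_MAX-1 and larger as the ones to be strict about. PATH_MAX counts the terminating NUL, so a string of PATH_MAX-1 bytes is the longest one that fits in a PATH_MAX buffer, and the code looks like the intended boundary. Either reword the message to say the limit now accounts for the trailing NUL, or use `>=` if PATH_MAX-1 really should be rejected. A one-line comment on the check saying that the +1 is the NUL terminator would stop a later cleanup from reverting it to `strlen(p) > PATH_MAX`.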