From f291876772d1283433924518f87e639e17901a17 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Fri, 31 Oct 2008 16:48:58 +0100
Subject: mapper: check for "." and ".."

Make map_directory_child_fs() refuse the names "." and "..".  This is
currently the interface where an attacker may inject a manipulated
path (through the "update" command).
---
 src/mapper.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/mapper.c')

diff --git a/src/mapper.c b/src/mapper.c
index a21b42d92..4510241dc 100644
--- a/src/mapper.c
+++ b/src/mapper.c
@@ -100,6 +100,11 @@ map_directory_child_fs(const struct directory *directory, const char *name,
 	char buffer2[MPD_PATH_MAX];
 	const char *parent_fs;
 
+	/* check for invalid or unauthorized base names */
+	if (*name == 0 || strchr(name, '/') != NULL ||
+	    strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
+		return NULL;
+
 	parent_fs = map_directory_fs(directory, buffer2);
 	if (parent_fs == NULL)
 		return NULL;
-- 
cgit v1.2.3