
[tor-commits] [tor/master] src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of input validation on the filename argument.



commit 4e19133dccfc4d252e9ed2695f6fe49bb4503ac8
Author: Jeremy <jeremy@xxxxxxxxxxx>
Date:   Tue Dec 1 15:41:03 2015 -0500

    src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of input validation on the filename argument.
---
 src/common/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/common/util.c b/src/common/util.c
index b33c80f..e8044f9 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2873,6 +2873,9 @@ expand_filename(const char *filename)
 {
   tor_assert(filename);
 #ifdef _WIN32
+  /* Might consider using GetFullPathName() as described here:
+   * http://etutorials.org/Programming/secure+programming/Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/
+   */
   return tor_strdup(filename);
 #else
   if (*filename == '~') {
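
Review bot: The comment added in the `#ifdef _WIN32` branch of expand_filename() only records an idea ("Might consider using GetFullPathName()"); the following line still returns `tor_strdup(filename)` unchanged, so the "input validation" named in the commit subject is not actually performed on Windows. Either implement the call, or reword the comment as an explicit TODO that states which property is wanted (for example, an absolute, normalized path) and points to a tracker ticket, rather than relying solely on a third-party http URL that may go away. If it is implemented later, keep in mind that GetFullPathName() only resolves the name against the current drive and directory: it does not check that the file exists or that the result lies in a permitted location, and its result for relative paths depends on the process-wide current directory, so callers would still need their own check on the returned path.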


