summaryrefslogtreecommitdiff
path: root/src/clientsimpleobject.h
diff options
context:
space:
mode:
authorShadowNinja <shadowninja@minetest.net>2016-12-16 17:43:39 -0500
committerCraig Robbins <kde.psych@gmail.com>2016-12-20 17:17:38 +1000
commit0f0502109eac44128e87906fff30b5d049392f1d (patch)
tree200bccca8e1dfc4f8528c432743b4ea991638748 /src/clientsimpleobject.h
parentf522e7351a1eaffcd4b0f1f06fab65a44281f972 (diff)
downloadminetest-0f0502109eac44128e87906fff30b5d049392f1d.tar.gz
minetest-0f0502109eac44128e87906fff30b5d049392f1d.tar.bz2
minetest-0f0502109eac44128e87906fff30b5d049392f1d.zip
Security: Fix resolving of some relative paths
Trying to resolve a path with RemoveRelativePathComponents that can't be resolved without leaving leading parent components (e.g. "../worlds/foo" or "bar/../../worlds/foo") will fail. To work around this, we leave the relative components and simply remove the trailing components one at a time, and bail out when we find a parent component. This will still fail for paths like "worlds/foo/noexist/../auth.txt" (the path before the last parent component must not exist), but this is fine since you won't be able to open a file with a path like that anyways (the O.S. will determine that the path doesn't exist. Try `cat /a/../etc/passwd`).
Diffstat (limited to 'src/clientsimpleobject.h')
0 files changed, 0 insertions, 0 deletions