privsep: Avoid the /proc/../ escape

author: Roy Marples <roy@marples.name> 2020-05-24 14:49:41 +0100
committer: Roy Marples <roy@marples.name> 2020-05-24 14:49:41 +0100
commit: 4e596404535f7a53e46403be039c16a5d05649b5 (patch)
tree: 9dc70b05ad5e06430b133e41251ef59c4d43beb9 /src/privsep-root.c
parent: 02966a545c28e6a043e66d187c1dedc91c211145 (diff)
download: dhcpcd-4e596404535f7a53e46403be039c16a5d05649b5.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/privsep-root.c b/src/privsep-root.c
index cba469db..5884357a 100644
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -288,6 +288,11 @@ static bool
 ps_root_validpath(const struct dhcpcd_ctx *ctx, uint16_t cmd, const char *path)
 {
 
+	/* Avoid a previous directory attack to avoid /proc/../
+	 * dhcpcd should never use a path with double dots. */
+	if (strstr(path, "..") != NULL)
+		return false;
+
 	if (cmd == PS_READFILE) {
 		if (strcmp(ctx->cffile, path) == 0)
 			return true;
author	Roy Marples <roy@marples.name>	2020-05-24 14:49:41 +0100
committer	Roy Marples <roy@marples.name>	2020-05-24 14:49:41 +0100
commit	4e596404535f7a53e46403be039c16a5d05649b5 (patch)
tree	9dc70b05ad5e06430b133e41251ef59c4d43beb9 /src/privsep-root.c
parent	02966a545c28e6a043e66d187c1dedc91c211145 (diff)
download	dhcpcd-4e596404535f7a53e46403be039c16a5d05649b5.tar.xz