blob: 2b9b80a9dbd29052fc70989976bacdb600376126 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
#include "libbb.h"
int validate_filename(const char *path, const char *prefix)
{
size_t path_len, prefix_len;
/* Check for the following properties:
* 1) path start with prefix
* 2) the next character after prefix is a '/'
* 3) path does not contain '/../'
* 4) path does not end in '/..'
* return 0 if any of the properties does not hold
* return 1 if all properties hold
*/
path_len= strlen(path);
prefix_len= strlen(prefix);
if (path_len < prefix_len)
return 0;
if (memcmp(path, prefix, prefix_len) != 0)
return 0; /* property 1 */
if (path[prefix_len] != '/')
return 0; /* property 2 */
if (strstr(path, "/../") != NULL)
return 0; /* property 3 */
if (path_len >= 3 && strcmp(&path[path_len-3], "/..") == 0)
return 0; /* property 4 */
return 1;
}
|