version 1.41.2.4, 2002/10/11 14:51:51 |
version 1.41.2.5, 2003/04/03 22:35:16 |
|
|
uid_t uid = pw->pw_uid; |
uid_t uid = pw->pw_uid; |
char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
char *cp; |
char *cp; |
|
int comparehome = 0; |
struct stat st; |
struct stat st; |
|
|
if (realpath(file, buf) == NULL) { |
if (realpath(file, buf) == NULL) { |
|
|
strerror(errno)); |
strerror(errno)); |
return -1; |
return -1; |
} |
} |
if (realpath(pw->pw_dir, homedir) == NULL) { |
if (realpath(pw->pw_dir, homedir) != NULL) |
snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, |
comparehome = 1; |
strerror(errno)); |
|
return -1; |
|
} |
|
|
|
/* check the open file to avoid races */ |
/* check the open file to avoid races */ |
if (fstat(fileno(f), &st) < 0 || |
if (fstat(fileno(f), &st) < 0 || |
|
|
} |
} |
|
|
/* If are passed the homedir then we can stop */ |
/* If are passed the homedir then we can stop */ |
if (strcmp(homedir, buf) == 0) { |
if (comparehome && strcmp(homedir, buf) == 0) { |
debug3("secure_filename: terminating check at '%s'", |
debug3("secure_filename: terminating check at '%s'", |
buf); |
buf); |
break; |
break; |