]> arthur.barton.de Git - netatalk.git/blobdiff - libatalk/cnid/cnid.c
projects / netatalk.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cnid_resolve: can't return '..' as a valid name, could be use to escape the volume...
[netatalk.git] / libatalk / cnid / cnid.c
diff --git a/libatalk/cnid/cnid.c b/libatalk/cnid/cnid.c
index abeeef8a2a5afad2aebfed8896496e804c85aa22..795adf7c9481ecfdd060dbd3e5a223a0a8d6ec5a 100644 (file)
--- a/libatalk/cnid/cnid.c
+++ b/libatalk/cnid/cnid.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: cnid.c,v 1.4 2008-12-03 18:35:44 didg Exp $
+ * $Id: cnid.c,v 1.5 2009-07-20 18:33:07 didg Exp $
  *
  * Copyright (c) 2003 the Netatalk Team
  * Copyright (c) 2003 Rafal Lewczuk <rlewczuk@pronet.pl>
@@ -270,6 +270,10 @@ char *ret;
     block_signal(cdb->flags);
     ret = cdb->cnid_resolve(cdb, id, buffer, len);
     unblock_signal(cdb->flags);
+    if (ret && !strcmp(ret, "..")) {
+        LOG(log_error, logtype_afpd, "cnid_resolve: name is '..', corrupted db? ");
+        ret = NULL;
+    }
     return ret;
 }
 
Alex' Netatalk development repository