* FIX: papd: Remove variable expansion for BSD printers. Fixes CVE-2008-5718.
* FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots'
was set
+* FIX: afpd: cnid_resolve: don't return '..' as a valid name.
Changes in 2.0.4
================
/*
- * $Id: cnid.c,v 1.1.4.11.2.4 2008-11-25 15:16:34 didg Exp $
+ * $Id: cnid.c,v 1.1.4.11.2.5 2009-07-20 18:35:30 didg Exp $
*
* Copyright (c) 2003 the Netatalk Team
* Copyright (c) 2003 Rafal Lewczuk <rlewczuk@pronet.pl>
block_signal(cdb->flags);
ret = cdb->cnid_resolve(cdb, id, buffer, len);
unblock_signal(cdb->flags);
+ if (ret && !strcmp(ret, "..")) {
+ LOG(log_error, logtype_afpd, "cnid_resolve: name is '..', corrupted db? ");
+ ret = NULL;
+ }
return ret;
}
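Review bot: The new guard after `unblock_signal(cdb->flags)` rejects only the exact string "..", so a corrupted or tampered database record that resolves to "." or to a name containing '/' is still handed back as a valid name. If callers join the result into a filesystem path, which this hunk does not show, those values deserve the same rejection: `if (ret && (!strcmp(ret, "..") || !strcmp(ret, ".") || strchr(ret, '/'))) {`. The log message also omits the id being resolved, so an operator cannot tell which record is corrupt; adding it would help, though the type of `id` is not visible here and the format specifier needs checking. The enclosing function starts outside the hunk.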