Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit26c953e

Browse files
committed
Bruce and all:
Here's a patch to fix the " '.' not allowed in db path" problem I ran into.I removed '.' from the set of illegial characters, but added backtick. I alsoincluded an explicit test for attempting include a reference to a parent dir.How that?Ross
1 parentab7fd11 commit26c953e

File tree

1 file changed

+9
-4
lines changed

1 file changed

+9
-4
lines changed

‎src/backend/utils/misc/database.c

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/utils/misc/Attic/database.c,v 1.35 2000/01/26 05:57:28 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/utils/misc/Attic/database.c,v 1.36 2000/03/08 01:46:47 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -83,22 +83,27 @@ ExpandDatabasePath(const char *dbpath)
8383
DataDir,SEP_CHAR,SEP_CHAR,dbpath);
8484
}
8585

86-
/* check for illegal characters in dbpath */
86+
/* check for illegal characters in dbpath
87+
* these should really throw an error, shouldn't they? or else all callers
88+
* need to test for NULL */
8789
for(cp=buf;*cp;cp++)
8890
{
8991
/* The following characters will not be allowed anywhere in the database
90-
path. (Do not include the slash here.) */
92+
path. (Do not include the slash or '.'here.) */
9193
charillegal_dbpath_chars[]=
9294
"\001\002\003\004\005\006\007\010"
9395
"\011\012\013\014\015\016\017\020"
9496
"\021\022\023\024\025\026\027\030"
9597
"\031\032\033\034\035\036\037"
96-
"'.";
98+
"'`";
9799

98100
constchar*cx;
99101
for (cx=illegal_dbpath_chars;*cx;cx++)
100102
if (*cp==*cx)
101103
returnNULL;
104+
/* don't allow access to parent dirs */
105+
if (strncmp(cp,"/../",4)==0 )
106+
returnNULL ;
102107
}
103108

104109
returnpstrdup(buf);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp