SCCS-vsn: libexec/tftpd/tftpd.c 5.10
#endif /* not lint */
#ifndef lint
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)tftpd.c 5.9 (Berkeley) %G%";
+static char sccsid[] = "@(#)tftpd.c 5.10 (Berkeley) %G%";
{
struct stat stbuf;
int fd;
{
struct stat stbuf;
int fd;
if (*filename != '/')
return (EACCESS);
if (*filename != '/')
return (EACCESS);
+ /*
+ * prevent tricksters from getting around the directory restrictions
+ */
+ for (cp = filename + 1; *cp; cp++)
+ if(*cp == '.' && strncmp(cp-1, "/../", 4) == 0)
+ return(EACCESS);
+ for (dirp = dirs; *dirp; dirp++)
if (strncmp(filename, *dirp, strlen(*dirp)) == 0)
break;
if (*dirp==0 && dirp!=dirs)
if (strncmp(filename, *dirp, strlen(*dirp)) == 0)
break;
if (*dirp==0 && dirp!=dirs)