zoo (2.10-22) 02_traversal_directory.patch

Summary

 portable.c |   35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

    

Patch contents

Patch to fix the directory traversal bug, CVE id CAN-2005-2349
Index: zoo-2.10/portable.c
===================================================================
--- zoo-2.10.orig/portable.c	2008-03-22 16:28:26.000000000 -0300
+++ zoo-2.10/portable.c	2008-03-22 16:32:35.000000000 -0300
@@ -364,6 +364,41 @@
       show_dir(direntry);
    }
 #endif
+   /* #########################################################################
+    *
+    *  THIS CODE WAS WRITTEN TO SOLVE PROBLEM WITH DIRECTORY TRAVERSAL SECURITY
+    *  BUG (CVE id CAN-2005-2349).
+    *
+    *  ########################################################################
+    */
+   char *p;
+   /* take off '../'   */
+   while ((p = strstr( direntry->dirname, "../" )) != NULL) {
+      while (*(p+3) != '\0') {
+        *p = *(p + 3);
+        p++;
+      }
+      *p = *(p+3); /* move last null */
+      //printf("zoo: skipped \"../\" path component in '%s'\n", direntry->dirname);
+   }
+   /* take off  '/'  */
+   if ( direntry->dirname[0] == '/' ) {
+      p = direntry->dirname;
+      while (*p != '\0') {
+        *p = *(p + 1);
+        p++;
+      }
+      *p = *(p+1); /* move last null */
+      //printf("zoo: skipped \"/\" path component in '%s'\n", direntry->dirname);
+   }
+   /* direntry->dirlen = strlen(direntry->dirname); */
+
+   /* ##################################################################
+    *
+    * END
+    *
+    * ###################################################################
+   */
    return (0);
 }
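Review bot: The sanitiser still lets a dirname that is, or ends in, a bare `..` component through: `../..` loses its first `../` in the `strstr` loop and is left as `..`, which the single-slash check below never touches, and `//etc` keeps a leading slash because the `if (direntry->dirname[0] == '/')` branch removes only one character. The slash-shift loop also executes one extra `*p = *(p+1)` after the terminator has already been copied, reading and writing the byte just past the original string's NUL, which is out of bounds whenever the name fills its buffer. Replacing both hand-rolled shifts with `memmove`, looping over leading slashes, and truncating a trailing `..` component closes these gaps; the rewritten lines are below. The commented-out `direntry->dirlen = strlen(direntry->dirname);` presumably needs to be live if `dirlen` is consulted after this point, which cannot be seen from this hunk. The enclosing function begins before the hunk.
```c
   /* … unchanged: CVE banner comment … */
   char *p;
   size_t len;
   /* drop every "../"; memmove copies the terminator and never reads past it */
   while ((p = strstr(direntry->dirname, "../")) != NULL)
      memmove(p, p + 3, strlen(p + 3) + 1);
   /* a name that is, or ends in, a bare ".." component (what "../.." reduces to) still escapes */
   len = strlen(direntry->dirname);
   if (len >= 2 && strcmp(direntry->dirname + len - 2, "..") == 0
       && (len == 2 || direntry->dirname[len - 3] == '/'))
      direntry->dirname[len - 2] = '\0';
   /* drop every leading '/', not just the first ("//etc" is still absolute) */
   while (direntry->dirname[0] == '/')
      memmove(direntry->dirname, direntry->dirname + 1, strlen(direntry->dirname));
   /* … unchanged: dirlen comment, END banner, return (0) … */
```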