1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
--- groff-1.16/src/roff/troff/input.cc.safer Wed Jun 7 21:47:48 2000
+++ groff-1.16/src/roff/troff/input.cc Wed Jun 7 21:50:37 2000
@@ -4404,12 +4406,28 @@
else {
while (!tok.newline() && !tok.eof())
tok.next();
- errno = 0;
- FILE *fp = fopen(nm.contents(), "r");
- if (fp)
- input_stack::push(new file_iterator(fp, nm.contents()));
- else
- error("can't open `%1': %2", nm.contents(), strerror(errno));
+ char cbuf[PATH_MAX], * cwd;
+ char pbuf[PATH_MAX], * path;
+ struct stat st;
+
+ if ((cwd = realpath(".", cbuf)) == NULL)
+ error("realpath on `%1' failed: %2", ".", strerror(errno));
+ else if ((path = realpath(nm.contents(), pbuf)) == NULL)
+ error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
+ else if (safer_flag && strncmp(cwd, path, strlen(cwd)))
+ error("won't source `%1' outside of `%2' without -U flag", path, cwd);
+ else if (stat(path, &st) < 0)
+ error("can't stat `%1': %2", path, strerror(errno));
+ else if (safer_flag && !S_ISREG(st.st_mode))
+ error("won't source non-file `%1' without -U flag", path);
+ else {
+ errno = 0;
+ FILE *fp = fopen(path, "r");
+ if (fp)
+ input_stack::push(new file_iterator(fp, nm.contents()));
+ else
+ error("can't open `%1': %2", path, strerror(errno));
+ }
tok.next();
}
}
|
