From fb5c60ddbe7693146ea893afa5b2b62de3aa02c3 Mon Sep 17 00:00:00 2001 From: shyouhei Date: Mon, 22 Nov 2010 07:21:56 +0000 Subject: Thu, 29 Jul 2010 23:33:21 +0000 nobu merge revision(s) 28794:28796: * file.c (file_expand_path): should check if could find user. [ruby-core:31538] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@28795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Signed-off-by: URABE, Shyouhei * file.c (file_expand_path): home directory must be absolute. [ruby-core:31537] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@28796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Signed-off-by: URABE, Shyouhei git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@29859 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- file.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'file.c') diff --git a/file.c b/file.c index 1bb3364daa..b59e5608a1 100644 --- a/file.c +++ b/file.c @@ -2530,6 +2530,7 @@ file_expand_path(fname, dname, result) tainted = OBJ_TAINTED(fname); if (s[0] == '~') { + long userlen = 0; if (isdirsep(s[1]) || s[1] == '\0') { const char *dir = getenv("HOME"); @@ -2557,9 +2558,10 @@ file_expand_path(fname, dname, result) s++; #endif s = nextdirsep(b = s); - BUFCHECK(bdiff + (s-b) >= buflen); - memcpy(p, b, s-b); - p += s-b; + userlen = s - b; + BUFCHECK(bdiff + userlen >= buflen); + memcpy(p, b, userlen); + p += userlen; *p = '\0'; #ifdef HAVE_PWD_H pwPtr = getpwnam(buf); @@ -2572,8 +2574,18 @@ file_expand_path(fname, dname, result) strcpy(buf, pwPtr->pw_dir); p = buf + strlen(pwPtr->pw_dir); endpwent(); +#else + rb_raise(rb_eArgError, "can't find user %s", buf); #endif } + if (!is_absolute_path(RSTRING_PTR(result))) { + if (userlen) { + rb_raise(rb_eArgError, "non-absolute home of %.*s", userlen, s); + } + else { + rb_raise(rb_eArgError, "non-absolute home"); + } + } } #ifdef DOSISH_DRIVE_LETTER /* skip drive letter */ -- cgit v1.2.3