Date: Thu, 10 Nov 2005 17:08:29 -0500 From: "Josh Elsasser" <josh@elsasser.org> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: bin/88813: PATCH: cd builtin in sh can cd to wrong directory Message-ID: <1131660509.0@anubis> Resent-Message-ID: <200511102220.jAAMKGY9006310@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 88813 >Category: bin >Synopsis: PATCH: cd builtin in sh can cd to wrong directory >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 10 22:20:16 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Josh Elsasser >Release: FreeBSD 6.0-STABLE i386 >Organization: >Environment: System: FreeBSD 6.0-STABLE #0: Fri Nov 4 13:20:22 EST 2005 joshe@anubis:/usr/obj/usr/src/sys/ANUBIS >Description: The cd builtin in sh removes a leading ./ from the directory but does not check for additional / characters. This is done after the stat() but before the actual chdir(), so the directory must exist in the working directory for the bug to be exhibited. >How-To-Repeat: cd mkdir usr cd .//usr pwd >Fix: There is probably a better way to fix this but I am just interested in fixing my shell script. --- sh-cd.diff begins here --- --- /usr/src/bin/sh/cd.c Tue Apr 6 16:06:51 2004 +++ cd.c Thu Nov 10 16:40:14 2005 @@ -123,8 +123,12 @@ /* * XXX - rethink */ - if (p[0] == '.' && p[1] == '/' && p[2] != '\0') - p += 2; + if (p[0] == '.') { + for (ch = 1; p[ch] == '/'; ch++) + ; + if (p[ch] != '\0') + p += ch; + } print = strcmp(p, dest); } if (docd(p, print, phys) >= 0) --- sh-cd.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1131660509.0>