author | Daniel Veillard <veillard@src.gnome.org> | 2007-08-23 13:22:44 +0000 |
---|---|---|
committer | Daniel Veillard <veillard@src.gnome.org> | 2007-08-23 13:22:44 +0000 |
commit | 73adc4f001a03cbb8f71786c952565d80f74d030 (patch) | |
tree | c382f28e0cf5af7133f55c7140b87948f105b40d | |
parent | c93245787a0fa0a404b78aebc1f4856879dbfe21 (diff) | |
applied patch from Roland Schwarz and Rob Richards to fix the security
* libxslt/security.c: applied patch from Roland Schwarz and Rob
Richards to fix the security file checks on Windows, should
close #464432
Daniel
svn path=/trunk/; revision=1440
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | doc/xsltproc.1 | 2 | ||||
-rw-r--r-- | libxslt/security.c | 24 |
3 files changed, 31 insertions, 1 deletions
@@ -1,3 +1,9 @@
+Thu Aug 23 15:22:55 CEST 2007 Daniel Veillard <daniel@veillard.com>
+
+ * libxslt/security.c: applied patch from Roland Schwarz and Rob
+ Richards to fix the security file checks on Windows, should
+ close #464432
+
 Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk>
 
 * tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml,
diff --git a/doc/xsltproc.1 b/doc/xsltproc.1
index 383f073e..e66be310 100644
--- a/doc/xsltproc.1
+++ b/doc/xsltproc.1
@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "XSLTPROC" "1" "$Date: 2007\-01\-11 20:12:45 +0100 (Thu, 11 Jan 2007) $" "libxslt" ""
+.TH "XSLTPROC" "1" "$Date: 2007\-08\-23 14:20:49 +0200 (Thu, 23 Aug 2007) $" "libxslt" ""
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
diff --git a/libxslt/security.c b/libxslt/security.c
index 6376f202..4130729e 100644
--- a/libxslt/security.c
+++ b/libxslt/security.c
@@ -34,6 +34,13 @@
 #include <ctype.h>
 #endif
 
+#if defined(WIN32) && !defined(__CYGWIN__)
+#include <windows.h>
+#ifndef INVALID_FILE_ATTRIBUTES
+#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
+#endif
+#endif
+
 #ifndef HAVE_STAT
 # ifdef HAVE__STAT
 /* MS C library seems to define stat and _stat. The definition
@@ -267,6 +274,16 @@ xsltCheckFilename (const char *path)
 {
 #ifdef HAVE_STAT
 struct stat stat_buffer;
+#if defined(WIN32) && !defined(__CYGWIN__)
+ DWORD dwAttrs;
+
+ dwAttrs = GetFileAttributes(path);
+ if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
+ if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
+ return 2;
+ }
+ }
+#endif
 
 if (stat(path, &stat_buffer) == -1)
 return 0;
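Review bot: `GetFileAttributes(path)` in the xsltCheckFilename hunk is the TCHAR-dependent macro, so a build with `UNICODE` defined would resolve it to the wide-character call while `path` is `const char *`; naming the narrow variant, `dwAttrs = GetFileAttributesA(path);`, keeps the directory check tied to the string type it receives. The new block also sits inside `#ifdef HAVE_STAT`, so a Windows build that ends up without HAVE_STAT would get no directory check here, and a failed attribute query falls through to `stat()` silently. A short comment above the block, for example `/* Win32: query the file attributes first so directories are recognised before stat() */`, would record why two checks exist; that reason is presumed from the commit message and should be confirmed by the author. The body of xsltCheckFilename continues past the end of the hunk.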
@@ -362,6 +379,13 @@ xsltCheckWrite(xsltSecurityPrefsPtr sec,
 if ((uri->scheme == NULL) ||
 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
 
+#if defined(WIN32) && !defined(__CYGWIN__)
+ if ((uri->path)&&(uri->path[0]=='/')&&
+ (uri->path[1]!='\0')&&(uri->path[2]==':'))
+ ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
+ else
+#endif
+
 /*
 * Check if we are allowed to write this file
 */ |
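Review bot: The added `if … else` in xsltCheckWrite ends in a bare `else` directly before `#endif`, so on Windows the first statement after the comment (outside this hunk) silently becomes the else branch, and any statement later inserted between them would change which path is checked. The drive test also accepts any non-NUL character in `uri->path[1]`, not only a letter, before the leading slash is dropped. Choosing the pointer once inside the `#if` and keeping a single call avoids both: declare `const char *path = uri->path;` and advance it with `if ((path != NULL) && (path[0]=='/') && (path[1]!='\0') && (path[2]==':')) path++;`, ideally also restricting `path[1]` to `A`-`Z`/`a`-`z`. Whether the read-side check in this file needs the same normalisation cannot be seen from this commit and is worth confirming, since a policy that normalises write paths but not read paths would treat the same URI differently.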