/src/sudo/lib/util/dotdot.c
Line | Count | Source |
1 | | /* |
2 | | * SPDX-License-Identifier: ISC |
3 | | * |
4 | | * Copyright (c) 2025 Todd C. Miller <Todd.Miller@sudo.ws> |
5 | | * |
6 | | * Permission to use, copy, modify, and distribute this software for any |
7 | | * purpose with or without fee is hereby granted, provided that the above |
8 | | * copyright notice and this permission notice appear in all copies. |
9 | | * |
10 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
11 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
12 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
13 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
14 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
15 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
16 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
17 | | */ |
18 | | |
19 | | #include <config.h> |
20 | | |
21 | | #ifdef HAVE_STDBOOL_H |
22 | | # include <stdbool.h> |
23 | | #else |
24 | | # include <compat/stdbool.h> |
25 | | #endif /* HAVE_STDBOOL_H */ |
26 | | #include <stdio.h> |
27 | | #include <stdlib.h> |
28 | | #include <string.h> |
29 | | |
30 | | #include <sudo_compat.h> |
31 | | #include <sudo_debug.h> |
32 | | #include <sudo_util.h> |
33 | | |
34 | | bool |
35 | | sudo_contains_dot_dot_v1(const char *str) |
36 | 4 | { |
37 | 4 | const char *cp; |
38 | 4 | debug_decl(sudo_contains_dot_dot, SUDO_DEBUG_UTIL); |
39 | | |
40 | 48 | for (cp = str; *cp != '\0'; cp++) { |
41 | | /* Match ".." */ |
42 | 44 | if (cp[0] != '.' || cp[1] != '.') |
43 | 44 | continue; |
44 | | |
45 | | /* Match "^.." or "/.." then "../" or "..$" */ |
46 | 0 | if ((cp == str || cp[-1] == '/') && (cp[2] == '/' || cp[2] == '\0')) |
47 | 0 | debug_return_bool(true); |
48 | 0 | } |
49 | | |
50 | 4 | debug_return_bool(false); |
51 | 4 | } |