Attachment #32328 for bug #54596

View | Details | Raw Unified | Return to bug 54596
Collapse All | Expand All




        }                                                   \
    } while(0)

static char *skip_prefix(char *path, char **sp)
{
    size_t size;
    char *cp;

    /* Convert everything to forward slashes
     */

     */
    path = NO2UNC(path);
    size = strlen(path);
    *sp = path;
    if (size < 2) {
        if (path[0] == ' ') {
            /* Single Trailing space is invalid path

            return 0;
        }
    }
    *sp = path;
    if (size > 1 && path[1] == ':' && IS_DRIVE_CHAR(path[0])) {
        /* Never go above C: */
        path += 2;

            /* This is probably //./pipe/ */
            return path;
        }
        cp = strchr(path + 2, '/');
        if (cp != 0)
            path = cp;
        else {
            /* We only have //share
             */

    char *cp;
    int   ch = '/';

    path = skip_prefix(path, &sp);
    if (!path)
        return 0;
    if (path != sp) {
        /* Unexpected. Expected a relative path, but it starts with C: or //share/ */
        SetLastError(ERROR_BAD_PATHNAME);
        return 0;
    }
    cp = path;
    while (*path) {
        if (IS_PATH_SEP(ch) && *path == '.') {
            /* nd: number of consecutive dot characters */
            int nd = 0;
            while (path[nd] == '.')
                nd++;
            if (nd > 2 && path[nd] == '/') {
                SetLastError(ERROR_BAD_PATHNAME);
                return 0;
            }
            if (IS_PATH_SEP(path[nd])) {
                if (nd > 2) {
                    SetLastError(ERROR_BAD_PATHNAME);
                    return 0;
                }
                path += nd;
                if (*path)
                    path++;
                if (nd > 1) {
                    if (cp > sp + 1) {
                        cp--;
                        while (cp > sp) {

                    }
                    else {
                        (*remain)++;
                        break;
                    }
                    nd--;
                }
            }
            else {

        if (remain > 0) {
            char *skip = root + rsz - 1;
            char *spr;
            char *start = skip_prefix(root, &spr);
            char *start = skip_prefix(root, &spr, &cpr);
            if (*skip == '/')
                skip--;
            while (remain > 0 && skip >= start) {

Return to bug 54596

Lines 3710-3718 Link Here

(-)native/iis/jk_isapi_plugin.c (-16 / +19 lines)
3710	} \	3710	} \
3711	} while(0)	3711	} while(0)
3712		3712
3713	static char skip_prefix(char path, char sp, char cp)	3713	static char skip_prefix(char path, char **sp)
3714	{	3714	{
3715	size_t size;	3715	size_t size;
		3716	char *cp;
3716		3717
3717	/* Convert everything to forward slashes	3718	/* Convert everything to forward slashes
3718	*/	3719	*/
Lines 3721-3726 Link Here
3721	*/	3722	*/
3722	path = NO2UNC(path);	3723	path = NO2UNC(path);
3723	size = strlen(path);	3724	size = strlen(path);
		3725	*sp = path;
3724	if (size < 2) {	3726	if (size < 2) {
3725	if (path[0] == ' ') {	3727	if (path[0] == ' ') {
3726	/* Single Trailing space is invalid path	3728	/* Single Trailing space is invalid path
Lines 3742-3748 Link Here
3742	return 0;	3744	return 0;
3743	}	3745	}
3744	}	3746	}
3745	*sp = path;
3746	if (size > 1 && path[1] == ':' && IS_DRIVE_CHAR(path[0])) {	3747	if (size > 1 && path[1] == ':' && IS_DRIVE_CHAR(path[0])) {
3747	/* Never go above C: */	3748	/* Never go above C: */
3748	path += 2;	3749	path += 2;
Lines 3754-3762 Link Here
3754	/* This is probably //./pipe/ */	3755	/* This is probably //./pipe/ */
3755	return path;	3756	return path;
3756	}	3757	}
3757	*cp = strchr(path + 2, '/');	3758	cp = strchr(path + 2, '/');
3758	if (*cp != 0)	3759	if (cp != 0)
3759	path = *cp;	3760	path = cp;
3760	else {	3761	else {
3761	/* We only have //share	3762	/* We only have //share
3762	*/	3763	*/
Lines 3772-3796 Link Here
3772	char *cp;	3773	char *cp;
3773	int ch = '/';	3774	int ch = '/';
3774		3775
3775	path = skip_prefix(path, &sp, &cp);	3776	path = skip_prefix(path, &sp);
3776	if (!path)	3777	if (!path)
3777	return 0;	3778	return 0;
3778	/* Remaining is the same as on unixes */	3779	if (path != sp) {
		3780	/* Unexpected. Expected a relative path, but it starts with C: or //share/ */
		3781	SetLastError(ERROR_BAD_PATHNAME);
		3782	return 0;
		3783	}
3779	cp = path;	3784	cp = path;
3780	while (*path) {	3785	while (*path) {
3781	if (IS_PATH_SEP(ch) && *path == '.') {	3786	if (IS_PATH_SEP(ch) && *path == '.') {
		3787	/* nd: number of consecutive dot characters */
3782	int nd = 0;	3788	int nd = 0;
3783	while (path[nd] == '.')	3789	while (path[nd] == '.')
3784	nd++;	3790	nd++;
3785	if (nd > 2 && path[nd] == '/') {
3786	SetLastError(ERROR_BAD_PATHNAME);
3787	return 0;
3788	}
3789	if (IS_PATH_SEP(path[nd])) {	3791	if (IS_PATH_SEP(path[nd])) {
		3792	if (nd > 2) {
		3793	SetLastError(ERROR_BAD_PATHNAME);
		3794	return 0;
		3795	}
3790	path += nd;	3796	path += nd;
3791	if (*path)	3797	if (*path)
3792	path++;	3798	path++;
3793	while (nd > 1) {	3799	if (nd > 1) {
3794	if (cp > sp + 1) {	3800	if (cp > sp + 1) {
3795	cp--;	3801	cp--;
3796	while (cp > sp) {	3802	while (cp > sp) {
Lines 3801-3809 Link Here
3801	}	3807	}
3802	else {	3808	else {
3803	(*remain)++;	3809	(*remain)++;
3804	break;
3805	}	3810	}
3806	nd--;
3807	}	3811	}
3808	}	3812	}
3809	else {	3813	else {
Lines 3843-3850 Link Here
3843	if (remain > 0) {	3847	if (remain > 0) {
3844	char *skip = root + rsz - 1;	3848	char *skip = root + rsz - 1;
3845	char *spr;	3849	char *spr;
3846	char *cpr;	3850	char *start = skip_prefix(root, &spr);
3847	char *start = skip_prefix(root, &spr, &cpr);
3848	if (*skip == '/')	3851	if (*skip == '/')
3849	skip--;	3852	skip--;
3850	while (remain > 0 && skip >= start) {	3853	while (remain > 0 && skip >= start) {