image_name_ok_as_dir(): Don't allow names of '.' and '..'
authorEric Biggers <ebiggers3@gmail.com>
Mon, 13 May 2013 04:51:28 +0000 (23:51 -0500)
committerEric Biggers <ebiggers3@gmail.com>
Mon, 13 May 2013 04:51:28 +0000 (23:51 -0500)
src/extract_image.c

index 7a46fe8f839dd9b08c5eafbd28ed1cce711ad480..7793a8c0cefa5bc08e5ca24c05ef6a671e7baf7f 100644 (file)
@@ -897,7 +897,9 @@ static bool
 image_name_ok_as_dir(const tchar *image_name)
 {
        return image_name && *image_name &&
 image_name_ok_as_dir(const tchar *image_name)
 {
        return image_name && *image_name &&
-               !tstrpbrk(image_name, filename_forbidden_chars);
+               !tstrpbrk(image_name, filename_forbidden_chars) &&
+               tstrcmp(image_name, T(".")) &&
+               tstrcmp(image_name, T(".."));
 }
 
 /* Extracts all images from the WIM to the directory @target, with the images
 }
 
 /* Extracts all images from the WIM to the directory @target, with the images