Skip to content
Snippets Groups Projects
Commit ebc9ec9a1c5d authored by Daniel Veillard's avatar Daniel Veillard
Browse files

applied patch from Roland Schwarz and Rob Richards to fix the security

* libxslt/security.c: applied patch from Roland Schwarz and Rob
  Richards to fix the security file checks on Windows, should
  close #464432
Daniel

svn path=/trunk/; revision=1440
parent 2a983cc46b0f
Branches
No related tags found
No related merge requests found
Thu Aug 23 15:22:55 CEST 2007 Daniel Veillard <daniel@veillard.com>
* libxslt/security.c: applied patch from Roland Schwarz and Rob
Richards to fix the security file checks on Windows, should
close #464432
Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk> Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk>
* tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml, * tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml,
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
.\" Instead of manually editing it, you probably should edit the DocBook XML .\" Instead of manually editing it, you probably should edit the DocBook XML
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
.TH "XSLTPROC" "1" "$Date: 2007\-01\-11 20:12:45 +0100 (Thu, 11 Jan 2007) $" "libxslt" "" .TH "XSLTPROC" "1" "$Date: 2007\-08\-23 14:20:49 +0200 (Thu, 23 Aug 2007) $" "libxslt" ""
.\" disable hyphenation .\" disable hyphenation
.nh .nh
.\" disable justification (adjust text to left margin only) .\" disable justification (adjust text to left margin only)
......
...@@ -34,6 +34,13 @@ ...@@ -34,6 +34,13 @@
#include <ctype.h> #include <ctype.h>
#endif #endif
#if defined(WIN32) && !defined(__CYGWIN__)
#include <windows.h>
#ifndef INVALID_FILE_ATTRIBUTES
#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
#endif
#endif
#ifndef HAVE_STAT #ifndef HAVE_STAT
# ifdef HAVE__STAT # ifdef HAVE__STAT
/* MS C library seems to define stat and _stat. The definition /* MS C library seems to define stat and _stat. The definition
...@@ -267,6 +274,16 @@ ...@@ -267,6 +274,16 @@
{ {
#ifdef HAVE_STAT #ifdef HAVE_STAT
struct stat stat_buffer; struct stat stat_buffer;
#if defined(WIN32) && !defined(__CYGWIN__)
DWORD dwAttrs;
dwAttrs = GetFileAttributes(path);
if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
return 2;
}
}
#endif
if (stat(path, &stat_buffer) == -1) if (stat(path, &stat_buffer) == -1)
return 0; return 0;
...@@ -362,6 +379,13 @@ ...@@ -362,6 +379,13 @@
if ((uri->scheme == NULL) || if ((uri->scheme == NULL) ||
(xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) { (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
#if defined(WIN32) && !defined(__CYGWIN__)
if ((uri->path)&&(uri->path[0]=='/')&&
(uri->path[1]!='\0')&&(uri->path[2]==':'))
ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
else
#endif
/* /*
* Check if we are allowed to write this file * Check if we are allowed to write this file
*/ */
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment