Navigation Menu

Skip to content

Commit

Permalink
FTP/TFTP: Fix directory traversal regression, reported by Aaron Esau
Browse files Browse the repository at this point in the history 
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
  • Loading branch information
@troglobit
troglobit committed Aug 31, 2019
1 parent 0fb2c03 commit 455b47d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/common.c
View file
Expand Up @@ -92,7 +92,7 @@ char *compose_path(ctrl_t *ctrl, char *path)
strlcat(rpath, name, sizeof(rpath));
}

if (!chrooted && strncmp(dir, home, strlen(home))) {
if (!chrooted && strncmp(rpath, home, strlen(home))) {
DBG("Failed non-chroot dir:%s vs home:%s", dir, home);
return NULL;
}
Expand Down

2 comments on commit 455b47d

@abergmann
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CVE-2020-20277 was assigned to this commit.

@troglobit
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abergmann Weird, I thought it already had been assigned CVE-2020-5221 all public advisories are available here.

Please sign in to comment.