(empty log message)
@@ -1849,7 +1849,10 @@ | ||
1849 | 1849 | */ |
1850 | 1850 | static bool ccs_correct_path(const char *filename) |
1851 | 1851 | { |
1852 | - return *filename == '/' && ccs_correct_word(filename); | |
1852 | + const size_t len = strlen(filename); | |
1853 | + const char *cp1 = memchr(filename, '/', len); | |
1854 | + const char *cp2 = memchr(filename, '.', len); | |
1855 | + return cp1 && (!cp2 || (cp1 < cp2)) && ccs_correct_word2(filename, len); | |
1853 | 1856 | } |
1854 | 1857 | |
1855 | 1858 | /** |
@@ -2084,7 +2087,7 @@ | ||
2084 | 2087 | goto out; |
2085 | 2088 | entry->transit = ccs_get_dqword(right_word); |
2086 | 2089 | if (!entry->transit || |
2087 | - (entry->transit->name[0] != '/' && | |
2090 | + (!ccs_correct_path(entry->transit->name) && | |
2088 | 2091 | !ccs_domain_def(entry->transit->name))) |
2089 | 2092 | goto out; |
2090 | 2093 | } |
@@ -3230,7 +3233,7 @@ | ||
3230 | 3233 | else |
3231 | 3234 | return -EINVAL; |
3232 | 3235 | handler = ccs_read_token(param); |
3233 | - if (!ccs_correct_path(handler)) | |
3236 | + if (*handler != '/' || !ccs_correct_path(handler)) | |
3234 | 3237 | return -EINVAL; |
3235 | 3238 | e->handler = ccs_get_name(handler); |
3236 | 3239 | if (!e->handler) |
@@ -5598,7 +5601,7 @@ | ||
5598 | 5601 | return; |
5599 | 5602 | } |
5600 | 5603 | cp = acl->cond->transit->name; |
5601 | - if (*cp == '/') | |
5604 | + if (!ccs_domain_def(cp)) | |
5602 | 5605 | snprintf(buf, CCS_EXEC_TMPSIZE - 1, "%s %s", |
5603 | 5606 | ccs_current_domain()->domainname->name, cp); |
5604 | 5607 | else |