(empty log message)
trunk/akari/policy_io.c (diff)| @@ -1849,7 +1849,10 @@ | ||
| 1849 | 1849 | */ |
| 1850 | 1850 | static bool ccs_correct_path(const char *filename) |
| 1851 | 1851 | { |
| 1852 | - return *filename == '/' && ccs_correct_word(filename); | |
| 1852 | + const size_t len = strlen(filename); | |
| 1853 | + const char *cp1 = memchr(filename, '/', len); | |
| 1854 | + const char *cp2 = memchr(filename, '.', len); | |
| 1855 | + return cp1 && (!cp2 || (cp1 < cp2)) && ccs_correct_word2(filename, len); | |
| 1853 | 1856 | } |
| 1854 | 1857 | |
| 1855 | 1858 | /** |
| @@ -2084,7 +2087,7 @@ | ||
| 2084 | 2087 | goto out; |
| 2085 | 2088 | entry->transit = ccs_get_dqword(right_word); |
| 2086 | 2089 | if (!entry->transit || |
| 2087 | - (entry->transit->name[0] != '/' && | |
| 2090 | + (!ccs_correct_path(entry->transit->name) && | |
| 2088 | 2091 | !ccs_domain_def(entry->transit->name))) |
| 2089 | 2092 | goto out; |
| 2090 | 2093 | } |
| @@ -3230,7 +3233,7 @@ | ||
| 3230 | 3233 | else |
| 3231 | 3234 | return -EINVAL; |
| 3232 | 3235 | handler = ccs_read_token(param); |
| 3233 | - if (!ccs_correct_path(handler)) | |
| 3236 | + if (*handler != '/' || !ccs_correct_path(handler)) | |
| 3234 | 3237 | return -EINVAL; |
| 3235 | 3238 | e->handler = ccs_get_name(handler); |
| 3236 | 3239 | if (!e->handler) |
| @@ -5598,7 +5601,7 @@ | ||
| 5598 | 5601 | return; |
| 5599 | 5602 | } |
| 5600 | 5603 | cp = acl->cond->transit->name; |
| 5601 | - if (*cp == '/') | |
| 5604 | + if (!ccs_domain_def(cp)) | |
| 5602 | 5605 | snprintf(buf, CCS_EXEC_TMPSIZE - 1, "%s %s", |
| 5603 | 5606 | ccs_current_domain()->domainname->name, cp); |
| 5604 | 5607 | else |
