Commit Diff

Commit:
1bf5a5748b2967355ebe0d31bf47e53b5f63ad14
From:
Markus Uhlin <markus@nifty-networks.net>
Date:
Message:
Only perform check if realpath() succeeds
Actions:
Patch | Tree
commit - 2fd3ff87b97ca6e71113c93bb8a9cfbfcae60b2e
commit + 1bf5a5748b2967355ebe0d31bf47e53b5f63ad14
blob - e0db612ff2630fcce59769e289058b77a42e793e
blob + 0d1e7d48d524db8a149421ae4e2737f33ae5920d
--- FICS/playerdb.c
+++ FICS/playerdb.c
@@ -1083,7 +1083,7 @@ player_read(int p, char *name)
 	char	 fname[MAX_FILENAME_SIZE] = { '\0' };
 	char	 line[MAX_LINE_SIZE] = { '\0' };
 	char	*attr, *value;
-	char	*resolvedPath;
+	char	*resolvedPath = NULL;
 	int	 len = 0;
 	int	 version = 0;
 
@@ -1097,20 +1097,18 @@ player_read(int p, char *name)
 	snprintf(fname, sizeof fname, "%s/%c/%s", player_dir,
 	    parray[p].login[0], parray[p].login);
 
-	if ((resolvedPath = realpath(fname, NULL)) == NULL) {
-		warn("%s: realpath", __func__);
-		return -1;
-	}
-	if (strncmp(resolvedPath, player_dir, strlen(player_dir)) != 0) {
-		warnx("%s: path traversal detected", __func__);
+	if ((resolvedPath = realpath(fname, NULL)) != NULL) {
+		if (strncmp(resolvedPath, player_dir,
+		    strlen(player_dir)) != 0) {
+			warnx("%s: path traversal detected", __func__);
+			free(resolvedPath);
+			return -1;
+		}
+		mstrlcpy(fname, resolvedPath, sizeof fname);
 		free(resolvedPath);
-		return -1;
+		resolvedPath = NULL;
 	}
 
-	mstrlcpy(fname, resolvedPath, sizeof fname);
-	free(resolvedPath);
-	resolvedPath = NULL;
-
 	if ((fp = fopen(fname, "r")) == NULL) { // Unregistered player
 		parray[p].name = xstrdup(name);
 		parray[p].registered = 0;