| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | William ZHANG <uniware(at)zedware(dot)org>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Bug in canonicalize_path() |
| Date: | 2005-08-12 05:29:58 |
| Message-ID: | 4489.1123824598@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Tom Lane wrote:
>> ... it's part of the API contract of canonicalize_path() that it
>> will not return something with trailing "." or "..".
> OK, new patch which I think handles all cases.
> + if (pending_strips > 0)
> + {
> + for (; pending_strips > 0; pending_strips--)
> + strcat(path, "../");
> + trim_trailing_separator(path);
> + }
Uh, that hardly meets the API contract that I mentioned. I think
we really have to throw an error if the path tries to ".." above
the starting point. (Remember again that most of the uses of
this thing are dealing with absolute paths anyway, so this isn't
that big a deal.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2005-08-12 07:46:04 | Re: [HACKERS] For review: Server instrumentation patch |
| Previous Message | Tom Lane | 2005-08-12 05:14:22 | Re: remove BufferBlockPointers for speed and space |