Commit 4e19133d authored by Jeremy's avatar Jeremy Committed by Nick Mathewson
Browse files

src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form... 

src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of input validation on the filename argument.
parent b3639c82

src/common/util.c

+3 −0
Original line number Diff line number Diff line
@@ -2873,6 +2873,9 @@ expand_filename(const char *filename) 
{

  tor_assert(filename);

#ifdef _WIN32

  /* Might consider using GetFullPathName() as described here:

   * http://etutorials.org/Programming/secure+programming/Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/

   */

  return tor_strdup(filename);

#else

  if (*filename == '~') {