Changeset 32946 in project


Timestamp:
11/29/15 17:26:02 (5 years ago)
Author:
sjamaan
Message:

spiffy: Improve the explanatory comment

File:
1 edited

  • release/4/spiffy/trunk/spiffy.scm

    r32944 r32946  
    384384;; This causes the path "\.." (which strictly speaking is 100%
    385385;; harmless on UNIX) to be converted to "/..", which opens up a path
    386 ;; traversal bug!  So as a workaround we add the backslash in all
    387 ;; cases.  Because backslashes in filenames are relatively rare,
    388 ;; hopefully this causes no additional problems...  This vulnerability
    389 ;; was found by Benedikt Rosenau with the Netsparker vulnerability
    390 ;; scanner.
     386;; traversal bug!  So we work around this by adding a backslash to
     387;; invalid-set on UNIX as well.  Because backslashes in filenames are
     388;; relatively rare, this won't cause too many additional problems...
     389;; This vulnerability was found by Benedikt Rosenau with the
     390;; Netsparker vulnerability scanner.
    391391(define impossible-filename?
    392392  (let ((invalid-set (if (or ##sys#windows-platform
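Review bot: The rewritten comment at new lines 386-388 still leaves the cost of the workaround vague ("this won't cause too many additional problems...") and should state concretely what happens to a request for a file whose name legitimately contains a backslash. The phrase "adding a backslash to invalid-set on UNIX as well" also sits next to the context line `(let ((invalid-set (if (or ##sys#windows-platform`, which still opens a platform conditional, so a short remark on what the two branches still differ in would keep the comment and the code from appearing to disagree. The opening "This causes the path ..." at line 384 depends on an antecedent outside the visible context, so it is worth confirming that the preceding sentence names the step that converts "\.." into "/..".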