Index: contrib/cvs/src/client.c =================================================================== RCS file: /home/ncvs/src/contrib/cvs/src/client.c,v retrieving revision 1.10 diff -c -r1.10 client.c *** contrib/cvs/src/client.c 21 Jan 2003 22:01:38 -0000 1.10 --- contrib/cvs/src/client.c 14 Apr 2004 15:51:51 -0000 *************** *** 1054,1059 **** --- 1054,1072 ---- char *rdirp; int reposdirname_absolute; + /* For security reasons, if PATHNAME is absolute or attemps to ascend + * outside of the current sanbbox, we abort. The server should not send us + * anything but relative paths which remain inside the sandbox here. + * Anything less means a trojan CVS server could create and edit arbitrary + * files on the client. + */ + if (isabsolute (pathname) || pathname_levels (pathname) > 0) + { + error (0, 0, + "Server attempted to update a file via an invalid pathname:"); + error (1, 0, "`%s'.", pathname); + } + reposname = NULL; read_line (&reposname); assert (reposname != NULL); Index: contrib/cvs/src/modules.c =================================================================== RCS file: /home/ncvs/src/contrib/cvs/src/modules.c,v retrieving revision 1.1.1.9 diff -c -r1.1.1.9 modules.c *** contrib/cvs/src/modules.c 21 Jan 2004 16:27:56 -0000 1.1.1.9 --- contrib/cvs/src/modules.c 14 Apr 2004 15:54:51 -0000 *************** *** 170,175 **** --- 170,183 ---- if (isabsolute (mname)) error (1, 0, "Absolute module reference invalid: `%s'", mname); + /* Similarly for directories that attempt to step above the root of the + * repository. + */ + if (pathname_levels (mname) > 0) + error (1, 0, "up-level in module reference (`..') invalid: `%s'.", + mname); + + /* if this is a directory to ignore, add it to that list */ if (mname[0] == '!' && mname[1] != '\0') {