applied patch from Roland Schwarz and Rob Richards to fix the security

* libxslt/security.c: applied patch from Roland Schwarz and Rob Richards to fix the security file checks on Windows, should close #464432 Daniel svn path=/trunk/; revision=1440
2025-07-31 02:43:06 +03:00 · 2007-08-23 13:22:44 +00:00
parent c93245787a
commit 73adc4f001
3 changed files with 31 additions and 1 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Thu Aug 23 15:22:55 CEST 2007 Daniel Veillard <daniel@veillard.com>
+
+	* libxslt/security.c: applied patch from Roland Schwarz and Rob
+	  Richards to fix the security file checks on Windows, should 
+	  close #464432
+
 Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk>

 	* tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml,
--- a/doc/xsltproc.1
+++ b/doc/xsltproc.1
@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "XSLTPROC" "1" "$Date: 2007\-01\-11 20:12:45 +0100 (Thu, 11 Jan 2007) $" "libxslt" ""
+.TH "XSLTPROC" "1" "$Date: 2007\-08\-23 14:20:49 +0200 (Thu, 23 Aug 2007) $" "libxslt" ""
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
--- a/libxslt/security.c
+++ b/libxslt/security.c
@ -34,6 +34,13 @@
 #include <ctype.h>
 #endif

+#if defined(WIN32) && !defined(__CYGWIN__)
+#include <windows.h>
+#ifndef INVALID_FILE_ATTRIBUTES
+#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
+#endif
+#endif
+
 #ifndef HAVE_STAT
 #  ifdef HAVE__STAT
     /* MS C library seems to define stat and _stat. The definition
@ -267,6 +274,16 @@ xsltCheckFilename (const char *path)
 {
 #ifdef HAVE_STAT
    struct stat stat_buffer;
+#if defined(WIN32) && !defined(__CYGWIN__)
+    DWORD dwAttrs;
+
+    dwAttrs = GetFileAttributes(path); 
+    if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
+        if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
+            return 2;
+		}
+    }
+#endif

    if (stat(path, &stat_buffer) == -1)
        return 0;
@ -362,6 +379,13 @@ xsltCheckWrite(xsltSecurityPrefsPtr sec,
    if ((uri->scheme == NULL) ||
 	(xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {

+#if defined(WIN32) && !defined(__CYGWIN__)
+    if ((uri->path)&&(uri->path[0]=='/')&&
+        (uri->path[1]!='\0')&&(uri->path[2]==':'))
+    ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
+    else
+#endif
+
 	/*
 	 * Check if we are allowed to write this file
 	 */