From 768aeab3232cd3077ffff579ff2d59441c6968ef Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Fri, 29 Jul 2022 23:08:33 -0700
Subject: Fix link grafting bug.
Reported by Travis Ormandy in comp.unix.programmer.
* safepath.c (safepath_check): In the case when we are combining a relative symlink target with remaining material from the path, there is a forgotten 1 offset which causes the slash between them to be deleted.
---
 safepath.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'safepath.c')
diff --git a/safepath.c b/safepath.c
index 06b835a..f91ff58 100644
--- a/safepath.c
+++ b/safepath.c
@@ -470,7 +470,7 @@ int safepath_check(const char *name)
 memcpy(resolved, copy, pos);
 strcpy(resolved + pos, link);
 resolved[pos + len] = '/';
- strcpy(resolved + pos + len, copy + nxslash + 1);
+ strcpy(resolved + pos + len + 1, copy + nxslash + 1);
 free(copy);
 copy = resolved;
 continue;
--
cgit v1.2.3
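Review bot: The corrected `strcpy(resolved + pos + len + 1, copy + nxslash + 1)` ends one byte later in `resolved` than the old call did, and the allocation of `resolved` is outside this hunk, so its size cannot be checked from here. It needs to hold at least `pos + len + 1 + strlen(copy + nxslash + 1) + 1` bytes; if it was sized to the old layout, restoring the slash would write one byte past the end of the buffer. Because this function decides whether a path is safe to use, the grafted string must also match byte for byte what the kernel would resolve, so a regression test with a relative symlink followed by further path components would be worth adding. A layout comment above the four copy lines would make the offsets reviewable, for example `/* resolved = copy[0..pos) + link[0..len) + '/' + rest-of-copy + NUL */`. The body of safepath_check starts and ends outside the hunk.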