]>
Commit | Line | Data |
---|---|---|
ba3a047f AM |
1 | --- httpd-2.4.41/server/util.c~ 2019-07-22 21:28:14.000000000 +0200 |
2 | +++ httpd-2.4.41/server/util.c 2019-08-17 10:09:47.225371702 +0200 | |
3 | @@ -3477,8 +3477,14 @@ AP_DECLARE(const char *)ap_dir_fnmatch(a | |
4c70316d | 4 | |
ba3a047f AM |
5 | candidates = apr_array_make(w->ptemp, 1, sizeof(fnames)); |
6 | while (apr_dir_read(&dirent, APR_FINFO_DIRENT | APR_FINFO_TYPE, dirp) == APR_SUCCESS) { | |
7 | + size_t slen; | |
8 | + slen = strlen(dirent.name); | |
9 | /* strip out '.' and '..' */ | |
10 | - if (strcmp(dirent.name, ".") | |
11 | + if (strcmp(dirent.name, ".") && (dirent.name)[slen-1] != '~' | |
12 | + && (dirent.name)[0] != '.' | |
13 | + && (slen < 8 || strcmp((dirent.name + slen - 7), ".rpmnew")) | |
14 | + && (slen < 9 || ( strcmp((dirent.name + slen - 8), ".rpmorig") | |
15 | + && strcmp((dirent.name + slen - 8), ".rpmsave"))) | |
16 | && strcmp(dirent.name, "..") | |
17 | && (apr_fnmatch(fname, dirent.name, | |
18 | APR_FNM_PERIOD) == APR_SUCCESS)) { |