From josh@elsasser.org  Thu Nov 10 22:11:06 2005
Return-Path: <josh@elsasser.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 22C5516A428
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Nov 2005 22:11:06 +0000 (GMT)
	(envelope-from josh@elsasser.org)
Received: from vms042pub.verizon.net (vms042pub.verizon.net [206.46.252.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 56DD743D53
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Nov 2005 22:11:05 +0000 (GMT)
	(envelope-from josh@elsasser.org)
Received: from mail.elsasser.org ([151.203.234.179])
 by vms042.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built Sep
 9 2005)) with ESMTPA id <0IPR00KB0EV890Q2@vms042.mailsrvcs.net> for
 FreeBSD-gnats-submit@freebsd.org; Thu, 10 Nov 2005 16:09:09 -0600 (CST)
Received: from anubis (anubis-air.nat.elsasser.org [10.40.92.102])
	by mail.elsasser.org (Postfix) with ESMTP id 4AD8211405	for
 <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Nov 2005 17:09:04 -0500 (EST)
Message-Id: <1131660509.0@anubis>
Date: Thu, 10 Nov 2005 17:08:29 -0500
From: "Josh Elsasser" <josh@elsasser.org>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: PATCH: cd builtin in sh can cd to wrong directory
X-Send-Pr-Version: gtk-send-pr 0.4.6
X-GNATS-Notify:

>Number:         88813
>Category:       bin
>Synopsis:       [patch] cd builtin in sh(1) can cd to wrong directory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    stefanf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 10 22:20:16 GMT 2005
>Closed-Date:    Mon Jun 12 21:09:59 GMT 2006
>Last-Modified:  Mon Jun 12 21:09:59 GMT 2006
>Originator:     Josh Elsasser
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
>Environment:


System: FreeBSD 6.0-STABLE #0: Fri Nov  4 13:20:22 EST 2005
    joshe@anubis:/usr/obj/usr/src/sys/ANUBIS



>Description:


The cd builtin in sh removes a leading ./ from the directory but does not check for additional / characters.  This is done after the stat() but before the actual chdir(), so the directory must exist in the working directory for the bug to be exhibited.


>How-To-Repeat:


cd
mkdir usr
cd .//usr
pwd


>Fix:


There is probably a better way to fix this but I am just interested in fixing my shell script.

--- sh-cd.diff begins here ---
--- /usr/src/bin/sh/cd.c	Tue Apr  6 16:06:51 2004
+++ cd.c	Thu Nov 10 16:40:14 2005
@@ -123,8 +123,12 @@
 				/*
 				 * XXX - rethink
 				 */
-				if (p[0] == '.' && p[1] == '/' && p[2] != '\0')
-					p += 2;
+				if (p[0] == '.') {
+					for (ch = 1; p[ch] == '/'; ch++)
+						;
+					if (p[ch] != '\0')
+						p += ch;
+				}
 				print = strcmp(p, dest);
 			}
 			if (docd(p, print, phys) >= 0)
--- sh-cd.diff ends here ---



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->stefanf 
Responsible-Changed-By: stefanf 
Responsible-Changed-When: Fri Nov 11 09:02:27 GMT 2005 
Responsible-Changed-Why:  
I'll handle it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=88813 
State-Changed-From-To: open->closed 
State-Changed-By: stefanf 
State-Changed-When: Mon Jun 12 21:08:41 UTC 2006 
State-Changed-Why:  
A different patch has been committed to current and will be merged to RELENG_6. 
Thanks for your report! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=88813 
>Unformatted:
