From: deraadt <deraadt@openbsd.org>
Date: Tue, 15 Apr 1997 11:27:56 +0000 (+0000)
Subject: correct the paranoia check
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=67ce3ce2f12b2fcce559f378294c378b0f7bc513;p=openbsd

correct the paranoia check
---

diff --git a/lib/libc/net/gethostnamadr.c b/lib/libc/net/gethostnamadr.c
index 7ce0f9c3bd4..95e00484d60 100644
--- a/lib/libc/net/gethostnamadr.c
+++ b/lib/libc/net/gethostnamadr.c
@@ -52,7 +52,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.21 1997/04/14 06:57:44 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.22 1997/04/15 11:27:56 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -140,15 +140,18 @@ _hokchar(p)
 	 * characters are a-z, A-Z, 0-9, '-' and . But the others
 	 * tested for below can happen, and we must be more permissive
 	 * than the resolver until those idiots clean up their act.
+	 * We let '/' through, but not '..'
 	 */
 	while ((c = *p++)) {
-		if (('a' >= c && c <= 'z') ||
-		    ('A' >= c && c <= 'Z') ||
-		    ('0' >= c && c <= '9'))
+		if (('a' <= c && c <= 'z') ||
+		    ('A' <= c && c <= 'Z') ||
+		    ('0' <= c && c <= '9'))
 			continue;
-		if (strchr("-_/.[]\\", c) ||
-		    (c == '.' && p[1] == '.'))
-			return 0;
+		if (strchr("-_/", c))
+			continue;
+		if (c == '.' && *p != '.')
+			continue;
+		return 0;
 	}
 	return 1;
 }