From 5ef5331f18c886d22c2fea399a5b5d946d867840 Mon Sep 17 00:00:00 2001
From: beck
Date: Sun, 29 Jul 2018 22:53:39 +0000
Subject: [PATCH] Make sure we don't count looking at .. as a component as a descending match. Noticed by Stuart Cassoff <3d0g@bell.net>
---
 sys/kern/kern_unveil.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c
index e906505c54f..3d8ef46d9d2 100644
--- a/sys/kern/kern_unveil.c
+++ b/sys/kern/kern_unveil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_unveil.c,v 1.4 2018/07/20 07:28:36 beck Exp $ */
+/* $OpenBSD: kern_unveil.c,v 1.5 2018/07/29 22:53:39 beck Exp $ */
 /*
 * Copyright (c) 2017-2018 Bob Beck
@@ -591,6 +591,7 @@ unveil_check_component(struct proc *p, struct nameidata *ni, struct vnode *dp )
 if (ni->ni_pledge != PLEDGE_UNVEIL) {
 if ((ni->ni_cnd.cn_flags & BYPASSUNVEIL) == 0 &&
+ ! (ni->ni_cnd.cn_flags & ISDOTDOT) &&
 (uv = unveil_lookup(dp, p)) != NULL) {
 /* if directory flags match, it's a match */
 if (unveil_flagmatch(ni, uv->uv_flags)) {
--
2.20.1
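Review bot: The new `ISDOTDOT` clause in the second hunk only skips `unveil_lookup(dp, p)` for a `..` component; nothing visible here re-evaluates a match already recorded from an earlier component. A lookup that descends into an unveiled directory and then climbs back out with `..` may therefore keep that earlier match, which is worth confirming against the rest of unveil_check_component, whose body starts and ends outside the hunk. The condition would also read more consistently with the `BYPASSUNVEIL` test above it if written as `(ni->ni_cnd.cn_flags & ISDOTDOT) == 0 &&`. A short comment on the clause would record the intent, for example `/* .. moves up the tree; an unveil on dp is not a descending match */`.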