httpup: fix potentially dangerous deltree call

3 files changed, 13 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 85dd115..dbb457c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,12 @@
+* 0.4.0h        04.04.2006	Johannes Winkelmann
+- fix potentially dangerous deltree call (Thanks Martin Koniczek for reporting
+  and debugging)
+
 * 0.4.0g        23.02.2006	Johannes Winkelmann
 - change default timeout to 60s
 - add configuration variable for timeout: operation_timeout
 
-	* 0.4.0f        22.09.2005	Johannes Winkelmann
+* 0.4.0f        22.09.2005	Johannes Winkelmann
 - remove deflate option again
 
 * 0.4.0e        20.09.2005	Johannes Winkelmann
diff --git a/Makefile b/Makefile
index 73b2439..d3f6036 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ all: httpup
 ## Configuration
 #
 NAME=httpup
-VERSION="0.4.0g"
+VERSION="0.4.0h"
 CXX=g++
 CXXFLAGS=-Wall -ansi -pedantic -DMF_VERSION='${VERSION}' 
 LDFLAGS=-lcurl
diff --git a/fileutils.cpp b/fileutils.cpp
index 9ac3e6d..39a7dca 100644
--- a/fileutils.cpp
+++ b/fileutils.cpp
@@ -42,15 +42,17 @@ int FileUtils::deltree(const char* directory)
             continue;
         }
         struct stat info;
-        stat(entry->d_name, &info);
+        if (stat(entry->d_name, &info) != 0) {
+            return -1;
+        }
+        string pathName = string(directory) + "/" + string(entry->d_name);
         if (S_ISDIR(info.st_mode)) {
-            if (deltree(entry->d_name)) {
+            if (deltree(pathName.c_str())) {
                 ret = -1;
             }
-            rmdir(entry->d_name);
+            rmdir(pathName.c_str());
         } else {
-            string file = string(directory) + "/" + string(entry->d_name);
-            if (unlink(file.c_str())) {
+            if (unlink(pathName.c_str())) {
                 ret = -1;
             }
         }