From 0b29b7f95253d645475f4cc66a74f653437fa72d Mon Sep 17 00:00:00 2001
From: Greg Steuck <blackgnezdo@gmail.com>
Date: Tue, 27 Nov 2018 04:16:05 -0800
Subject: prog: prevent sandbox escaping files from entering s.files

---
 prog/analysis.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'prog/analysis.go')

diff --git a/prog/analysis.go b/prog/analysis.go
index c26e14014..f03f828b9 100644
--- a/prog/analysis.go
+++ b/prog/analysis.go
@@ -83,7 +83,7 @@ func (s *state) analyzeImpl(c *Call, resources bool) {
 				case BufferString:
 					s.strings[val] = true
 				case BufferFilename:
-					if len(val) < 3 {
+					if len(val) < 3 || escapingFilename(val) {
 						// This is not our file, probalby one of specialFiles.
 						return
 					}
-- 
cgit mrf-deployment