In realpath(), make sure each path component consists only of safe

characters, and untaint it.

1 files changed, 3 insertions, 1 deletions

diff --git a/tools/tools/tinderbox/tbmaster.pl b/tools/tools/tinderbox/tbmaster.pl
index b48545f41515..71751a1797df 100644
--- a/tools/tools/tinderbox/tbmaster.pl
+++ b/tools/tools/tinderbox/tbmaster.pl
@@ -91,7 +91,9 @@ sub realpath($;$) {
                 or die("unable to resolve symlink '$realpath/$part': $!\n");
             $realpath = realpath($target, $realpath);
         } else {
-            $realpath .= "/$part";
+	    $part =~ m/^([\w.-]+)$/
+		or die("unsafe path '$realpath/$part'\n");
+            $realpath .= "/$1";
         }
     }
     return $realpath;