From 15f03af50ccda0412156bc229165f6caec07b26d Mon Sep 17 00:00:00 2001
From: Sapan Bhatia <sapanb@cs.princeton.edu>
Date: Mon, 18 May 2009 19:33:19 +0000
Subject: [PATCH] Security fix

---
 exec/umount | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/exec/umount b/exec/umount
index 3d7fb48..7bde900 100755
--- a/exec/umount
+++ b/exec/umount
@@ -7,12 +7,18 @@ my $slice_dir="/vservers/$slicename/";
 my $localpath = <STDIN>;
 
 chomp($localpath);
-$localpath=~s/\.\.//g;
 
 $localpath=$slice_dir.$localpath;
 
-unless($localpath=~/\/?[\w\d]+\/[\w\d]*\/?/) {
-    die("$localpath is not a path");
+my $pathtest;
+
+$pathtest='';
+while ($localpath=~/(\/?[\w\d\-_]+\/?)/g) {
+    $pathtest=$pathtest.$1;
+}
+
+if ($pathtest ne $localpath) {
+    die "$localpath is not a safe path";
 }
 
 my $mntcmd="/bin/umount $localpath";
-- 
2.43.0