OSSL_STORE "file" scheme loader: check that a DOS device is correctly named
authorRichard Levitte <levitte@openssl.org>
Sat, 15 Jul 2017 09:21:11 +0000 (11:21 +0200)
committerRichard Levitte <levitte@openssl.org>
Sat, 15 Jul 2017 16:53:07 +0000 (18:53 +0200)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3907)

crypto/store/loader_file.c

index 31ca2c6..7cb1457 100644 (file)
@@ -783,9 +783,13 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
 #ifdef _WIN32
         /* Windows file: URIs with a drive letter start with a / */
         if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
-            p++;
-            /* We know it's absolute, so no need to check */
-            path_data[path_data_n].check_absolute = 0;
+            char c = tolower(p[1]);
+
+            if (c >= 'a' && c <= 'z') {
+                p++;
+                /* We know it's absolute, so no need to check */
+                path_data[path_data_n].check_absolute = 0;
+            }
         }
 #endif
         path_data[path_data_n++].path = p;