diff options
Diffstat (limited to 'tools/gpg-wks-server.c')
| -rw-r--r-- | tools/gpg-wks-server.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 96f0a03a0..144580247 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -1378,6 +1378,15 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) domain = strchr (address, '@'); log_assert (domain && domain[1]); domain++; + if (strchr (domain, '/') || strchr (domain, '\\') + || strchr (nonce, '/') || strchr (nonce, '\\')) + { + log_info ("invalid domain or nonce received ('%s', '%s')\n", + domain, nonce); + err = gpg_error (GPG_ERR_NOT_FOUND); + goto leave; + } + fname = make_filename_try (opt.directory, domain, "pending", nonce, NULL); if (!fname) { |