File cvs-03cvs-client-exploit-fix.diff of Package cvs-stable

--- src/client.c.orig	2006-10-18 00:42:11.000000000 +0200
+++ src/client.c	2006-10-18 00:42:49.000000000 +0200
@@ -1114,6 +1114,19 @@
     int reposdirname_absolute;
     int newdir = 0;
 
+    /* For security reasons, if PATHNAME is absolute or attemps to ascend
+     * outside of the current sanbbox, we abort.  The server should not send us
+     * anything but relative paths which remain inside the sandbox here.
+     * Anything less means a trojan CVS server could create and edit arbitrary
+     * files on the client.
+     */
+    if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+    {
+	error (0, 0,
+               "Server attempted to update a file via an invalid pathname:");
+        error (1, 0, "`%s'.", pathname);
+    }
+
     assert (pathname);
 
     reposname = NULL;