From 5b3af7cf9dcd7313591406eb16042481b7e9e74e Mon Sep 17 00:00:00 2001
From: Uwe Seimet <Uwe.Seimet@seimet.de>
Date: Fri, 17 Sep 2021 19:59:12 +0200
Subject: [PATCH] Improved filename validation

---
 src/raspberrypi/rascsi.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/raspberrypi/rascsi.cpp b/src/raspberrypi/rascsi.cpp
index 87c0903c..ad20e042 100644
--- a/src/raspberrypi/rascsi.cpp
+++ b/src/raspberrypi/rascsi.cpp
@@ -717,8 +717,12 @@ string SetReservedIds(const string& ids)
 
 bool IsValidFilename(const string& filename)
 {
+	if (filename == "." || filename == "..") {
+		return false;
+	}
+
 	struct stat st;
-	return !stat(filename.c_str(), &st) && S_ISREG(st.st_mode);
+	return stat(filename.c_str(), &st) || !S_ISREG(st.st_mode);
 }
 
 bool CreateImage(int fd, const PbCommand& command)