+--- orig/util.c 2004-08-07 20:57:02
++++ util.c 2004-08-09 18:28:59
+@@ -524,7 +524,7 @@ static void glob_expand_one(char *s, cha
+ s = ".";
+
+ if (sanitize_paths)
+- s = sanitize_path(NULL, s, NULL);
++ s = sanitize_path(NULL, s, "", NULL);
+ else
+ s = strdup(s);
+
+@@ -706,18 +706,16 @@ unsigned int clean_fname(char *name)
+ * "/" (either removing it or expanding it) and any leading or embedded
+ * ".." components that attempt to escape past the module's top dir.
+ *
+- * If dest is NULL, a buffer is allocated to hold the result. If dest is
+- * the same buffer as p (the path) OR if reldir is NULL, a leading slash
+- * is dropped instead of being expanded to be the module's top dir.
++ * If dest is NULL, a buffer is allocated to hold the result. It is legal
++ * to call with the dest and the path (p) pointing to the same buffer, but
++ * rootdir is ignored to avoid expansion of the string.
++ *
++ * The rootdir string contains a value to use in place of a leading slash.
++ * Specify NULL to get the default of lp_path(module_id).
+ *
+ * If reldir is non-NULL (and non-empty), it is a sanitized directory that
+ * the path will be relative to, so allow as many '..'s at the beginning of
+- * the path as there are components in reldir. This is used for symbolic
+- * link targets. If reldir is non-null and the path began with "/", to be
+- * completely like a chroot we should add in depth levels of ".." at the
+- * beginning of the path, but that would blow the assumption that the path
+- * doesn't grow and it is not likely to end up being a valid symlink
+- * anyway, so just do the normal removal of the leading "/" instead.
++ * the path as there are components in reldir.
+ *
+ * While we're at it, remove double slashes and "." components like
+ * clean_fname() does, but DON'T remove a trailing slash because that is
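Review bot: The rewritten header comment no longer says what happens when the path begins with "/" while reldir is also given, and it does not say what an empty rootdir means. In the hunk at -734 a leading slash (with dest != p) sets `reldir = NULL`, so the '..' allowance is dropped for absolute paths. The glob_expand_one call in the first hunk passes `""` as rootdir, which makes rlen 0 and therefore strips the slash instead of expanding it. Both cases are part of the path-confinement contract, so I would add `* An empty rootdir ("") drops a leading slash instead of expanding it.` and `* If the path begins with "/" and dest != p, reldir is ignored.` to the comment. The comment block starts above this hunk.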
+@@ -725,7 +723,8 @@ unsigned int clean_fname(char *name)
+ *
+ * If the resulting path would be empty, change it into ".".
+ */
+-char *sanitize_path(char *dest, const char *p, const char *reldir)
++char *sanitize_path(char *dest, const char *p, const char *rootdir,
++ const char *reldir)
+ {
+ char *start, *sanp;
+ int depth = 0;
+@@ -734,8 +733,10 @@ char *sanitize_path(char *dest, const ch
+
+ if (dest != p) {
+ int plen = strlen(p);
+- if (*p == '/' && reldir) {
+- rlen = strlen(lp_path(module_id));
++ if (*p == '/') {
++ if (!rootdir)
++ rootdir = lp_path(module_id);
++ rlen = strlen(rootdir);
+ reldir = NULL;
+ p++;
+ }
+@@ -745,7 +746,7 @@ char *sanitize_path(char *dest, const ch
+ } else if (!(dest = new_array(char, rlen + plen + 1)))
+ out_of_memory("sanitize_path");
+ if (rlen) {
+- memcpy(dest, lp_path(module_id), rlen);
++ memcpy(dest, rootdir, rlen);
+ if (rlen > 1)
+ dest[rlen++] = '/';
+ }
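Review bot: `memcpy(dest, rootdir, rlen)` now copies a caller-supplied prefix verbatim, and the following `if (rlen > 1) dest[rlen++] = '/';` appends a separator without checking how rootdir ends. A rootdir with a trailing slash would leave "//" in the prefix. Any ".." inside rootdir would presumably fall outside the part the depth counting covers, though that code is not visible in this hunk. Before this change lp_path(module_id) was the only source of the prefix, so now that it is a parameter the header comment should state that rootdir must be a trusted, already-clean path with no trailing slash. Alternatively the guard could become `if (rlen > 1 && dest[rlen - 1] != '/')`. The function body continues outside the hunk.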