From 99e686faf5ad15c9b0d51a11e148f7d9571ba722 Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Thu, 3 Nov 2011 08:33:19 +0530
Subject: [PATCH] Forgot to use realpath()

---
 src/calibre/devices/linux_mount_helper.c | 23 +++++++++++++++++++++--
 src/calibre/ptempfile.py                 |  4 ++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/calibre/devices/linux_mount_helper.c b/src/calibre/devices/linux_mount_helper.c
index e470a69ca3..bdad985d64 100644
--- a/src/calibre/devices/linux_mount_helper.c
+++ b/src/calibre/devices/linux_mount_helper.c
@@ -1,3 +1,4 @@
+#include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <unistd.h>
@@ -36,17 +37,35 @@ void ensure_root() {
 }
 
 int check_args(const char *dev, const char *mp) {
+    char buffer[PATH_MAX+1];
+
     if (dev == NULL || strlen(dev) < strlen(DEV) || mp == NULL || strlen(mp) < strlen(MEDIA)) {
         fprintf(stderr, "Invalid arguments\n");
         return False;
     }
 
-    if (strncmp(MEDIA, mp, strlen("MEDIA")) != 0)  {
+    if (exists(mp)) {
+        if (realpath(mp, buffer) == NULL) {
+            fprintf(stderr, "Unable to resolve mount path\n");
+            return False;
+        }
+        if (strncmp(MEDIA, buffer, strlen(MEDIA)) != 0)  {
+            fprintf(stderr, "Trying to operate on a mount point not under /media is not allowed\n");
+            return False;
+        }
+    }
+
+    if (strncmp(MEDIA, mp, strlen(MEDIA)) != 0)  {
         fprintf(stderr, "Trying to operate on a mount point not under /media is not allowed\n");
         return False;
     }
 
-    if (strncmp(DEV, dev, strlen(DEV)) != 0) {
+    if (realpath(dev, buffer) == NULL) {
+        fprintf(stderr, "Unable to resolve dev path\n");
+        return False;
+    }
+
+    if (strncmp(DEV, buffer, strlen(DEV)) != 0) {
         fprintf(stderr, "Trying to operate on a dev node not under /dev\n");
         return False;
     }
diff --git a/src/calibre/ptempfile.py b/src/calibre/ptempfile.py
index aca8397f53..9343c88efa 100644
--- a/src/calibre/ptempfile.py
+++ b/src/calibre/ptempfile.py
@@ -194,4 +194,8 @@ class SpooledTemporaryFile(tempfile.SpooledTemporaryFile):
         tempfile.SpooledTemporaryFile.__init__(self, max_size=max_size, suffix=suffix,
                 prefix=prefix, dir=dir, mode=mode, bufsize=bufsize)
 
+def better_mktemp(*args, **kwargs):
+    fd, path = tempfile.mkstemp(*args, **kwargs)
+    os.close(fd)
+    return path