From a45afc5d509e51970abbd73929f29dda35b89b43 Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Thu, 26 Oct 2017 14:37:16 -0400
Subject: [PATCH] Catch access to paths that are just "." or ".." without any
 path separator.

---
 src/physfs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/physfs.c b/src/physfs.c
index 3a16626..19148ad 100644
--- a/src/physfs.c
+++ b/src/physfs.c
@@ -939,6 +939,10 @@ static int sanitizePlatformIndependentPath(const char *src, char *dst)
     while (*src == '/')  /* skip initial '/' chars... */
         src++;
 
+    /* Make sure the entire string isn't "." or ".." */
+    if ((strcmp(src, ".") == 0) || (strcmp(src, "..") == 0))
+        BAIL(PHYSFS_ERR_BAD_FILENAME, 0);
+
     prev = dst;
     do
     {