Index: contrib/cvs/src/client.c
===================================================================
RCS file: /home/ncvs/src/contrib/cvs/src/client.c,v
retrieving revision 1.10
diff -c -r1.10 client.c
*** contrib/cvs/src/client.c	21 Jan 2003 22:01:38 -0000	1.10
--- contrib/cvs/src/client.c	14 Apr 2004 15:51:51 -0000
***************
*** 1054,1059 ****
--- 1054,1072 ----
      char *rdirp;
      int reposdirname_absolute;
  
+     /* For security reasons, if PATHNAME is absolute or attemps to ascend
+      * outside of the current sanbbox, we abort.  The server should not send us
+      * anything but relative paths which remain inside the sandbox here.
+      * Anything less means a trojan CVS server could create and edit arbitrary
+      * files on the client.
+      */
+     if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+     {
+ 	error (0, 0,
+ 		"Server attempted to update a file via an invalid pathname:");
+ 	error (1, 0, "`%s'.", pathname);
+     }
+ 
      reposname = NULL;
      read_line (&reposname);
      assert (reposname != NULL);
Index: contrib/cvs/src/modules.c
===================================================================
RCS file: /home/ncvs/src/contrib/cvs/src/modules.c,v
retrieving revision 1.1.1.9
diff -c -r1.1.1.9 modules.c
*** contrib/cvs/src/modules.c	21 Jan 2004 16:27:56 -0000	1.1.1.9
--- contrib/cvs/src/modules.c	14 Apr 2004 15:54:51 -0000
***************
*** 170,175 ****
--- 170,183 ----
      if (isabsolute (mname))
  	error (1, 0, "Absolute module reference invalid: `%s'", mname);
  
+     /* Similarly for directories that attempt to step above the root of the
+      * repository.
+      */
+     if (pathname_levels (mname) > 0)
+ 	error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
+ 		mname);
+ 
+ 
      /* if this is a directory to ignore, add it to that list */
      if (mname[0] == '!' && mname[1] != '\0')
      {