- /* truncate the terminal name to prevent dangerous buffer airline */
- (void) sprintf(ttn, "%c/%.*s", *tn, MAX_ALIAS, tn);
+ if (strlen(tn) == 0
+ || strcmp(tn, ".") == 0
+ || strcmp(tn, "..") == 0
+ || _nc_pathlast(tn) != 0) {
+ T(("illegal or missing entry name '%s'", tn));
+ return 0;
+ }
+
+ /* truncate the terminal name to prevent buffer overflow */
+ (void) sprintf(ttn, "%c/%.*s", *tn, (int) sizeof(ttn) - 3, tn);