From b38fae2cd24feee3e979c5f5eada8549cf2e39b2 Mon Sep 17 00:00:00 2001
From: William Cohen <wcohen@redhat.com>
Date: Tue, 10 May 2011 11:50:33 -0400
Subject: [PATCH 2/4] Ensure that --save only saves things in $SESSION_DIR

It was possible use the --session-dir and --save to copy files into arbitrary
locations. This change limits the --save to moving directories within
the $SESSION_DIR.
---
 utils/opcontrol |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

--- a/utils/opcontrol
+++ b/utils/opcontrol
@@ -50,6 +50,16 @@
 }
 
 
+# check value is a base filename
+error_if_not_basename()
+{
+	bname=`basename "$2"`
+	if [[ "x$2" !=  "x$bname" ]] ; then 
+		echo "Argument for $1, $2, is not a base filename." >&2
+		exit 1
+	fi
+}
+
 # rm_device arguments $1=file_name
 rm_device()
 {
@@ -729,6 +739,7 @@
 
 			--save)
 				error_if_empty $arg $val
+				error_if_not_basename $arg $val
 				DUMP=yes
 				SAVE_SESSION=yes
 				SAVE_NAME=$val