realpath() security issue, potential fix
Michael Pyne
pynm0001 at comcast.net
Wed Aug 4 05:09:18 BST 2004
Hello again,

I've received some advice about my patch, including the possibility of Qt
itself running over a realpath() call. The code I posted doesn't appear to
execute realpath(), but since that may change in a later revision of Qt, and
since I wanted to improve the algorithm anyways, I've rearranged the code.

Now instead of using two loops, it uses only one. It also reduces the number
of Qt classes to QStringList, QString, and the static function
QFile::encodeName().

I've decided to leave the old version up, so you can view the new version at
http://grammarian.homelinux.net/~kde-cvs/realpath-replacement-2.cpp

Something which was surprising to me during my benchmarking is that this new
version runs virtually neck-and-neck with the old version, even though no
path element is checked twice in this version, which is IMO a testament to
the skill of the Qt library authors and Linux kernel developers.

Regards,
- Michael Pyne