diff options
author | Jakob Unterwurzacher | 2017-01-29 15:24:47 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-01-29 15:24:47 +0100 |
commit | 532ef15417072cf6c6bd6576d78588f96800fa43 (patch) | |
tree | f9b2b01588baa173cbee723b01dd2456905f2756 /internal/ctlsock/sanitize.go | |
parent | 6166dad05c1bf505f1c0fca1fbe8bf6a27d02db9 (diff) |
ctlsock: interpret paths that point above CWD as ""
Paths that start with ".." were previously accepted as-is.
Diffstat (limited to 'internal/ctlsock/sanitize.go')
-rw-r--r-- | internal/ctlsock/sanitize.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/internal/ctlsock/sanitize.go b/internal/ctlsock/sanitize.go index 5bc3706..22a8a1c 100644 --- a/internal/ctlsock/sanitize.go +++ b/internal/ctlsock/sanitize.go @@ -2,19 +2,29 @@ package ctlsock import ( "path/filepath" + "strings" ) // SanitizePath adapts filepath.Clean for FUSE paths. -// 1) It always returns a relative path +// 1) A leading slash is dropped // 2) It returns "" instead of "." +// 3) If the cleaned path points above CWD (start with ".."), an empty string +// is returned // See the TestSanitizePath testcases for examples. func SanitizePath(path string) string { + if len(path) == 0 { + return "" + } + // Drop leading slash + if path[0] == '/' { + path = path[1:] + } clean := filepath.Clean(path) - if clean == "." || clean == "/" { + if clean == "." { return "" } - if clean[0] == '/' { - clean = clean[1:] + if clean == ".." || strings.HasPrefix(clean, "../") { + return "" } return clean } |