ctlsock: interpret paths that point above CWD as ""

Paths that start with ".." were previously accepted as-is.

2 files changed, 18 insertions, 4 deletions

diff --git a/internal/ctlsock/sanitize.go b/internal/ctlsock/sanitize.go
index 5bc3706..22a8a1c 100644
--- a/internal/ctlsock/sanitize.go
+++ b/internal/ctlsock/sanitize.go
@@ -2,19 +2,29 @@ package ctlsock
 
 import (
 	"path/filepath"
+	"strings"
 )
 
 // SanitizePath adapts filepath.Clean for FUSE paths.
-// 1) It always returns a relative path
+// 1) A leading slash is dropped
 // 2) It returns "" instead of "."
+// 3) If the cleaned path points above CWD (start with ".."), an empty string
+//    is returned
 // See the TestSanitizePath testcases for examples.
 func SanitizePath(path string) string {
+	if len(path) == 0 {
+		return ""
+	}
+	// Drop leading slash
+	if path[0] == '/' {
+		path = path[1:]
+	}
 	clean := filepath.Clean(path)
-	if clean == "." || clean == "/" {
+	if clean == "." {
 		return ""
 	}
-	if clean[0] == '/' {
-		clean = clean[1:]
+	if clean == ".." || strings.HasPrefix(clean, "../") {
+		return ""
 	}
 	return clean
 }
diff --git a/internal/ctlsock/sanitize_test.go b/internal/ctlsock/sanitize_test.go
index dfcb62c..bfdf0a7 100644
--- a/internal/ctlsock/sanitize_test.go
+++ b/internal/ctlsock/sanitize_test.go
@@ -15,6 +15,10 @@ func TestSanitizePath(t *testing.T) {
 		{"/foo/", "foo"},
 		{"/foo/./foo", "foo/foo"},
 		{"./", ""},
+		{"..", ""},
+		{"foo/../..", ""},
+		{"foo/../../aaaaaa", ""},
+		{"/foo/../../aaaaaa", ""},
 	}
 	for _, tc := range testCases {
 		res := SanitizePath(tc[0])