ctlsock: sanitize: handle multiple leading slashes

author: Jakob Unterwurzacher 2017-02-05 18:05:35 +0100
committer: Jakob Unterwurzacher 2017-02-05 18:05:35 +0100
commit: 8bcae63a5a375d918aad9f2c18804867730378e1 (patch)
tree: c23becd5d3e358082d9165143c3a8ec1233e4a52 /internal
parent: 2bdd0ec802611101969a7b59c3bb7a7a1be64e9d (diff)
2 files changed, 8 insertions, 5 deletions
diff --git a/internal/ctlsock/sanitize.go b/internal/ctlsock/sanitize.go
index 22a8a1c..7cf77a5 100644
--- a/internal/ctlsock/sanitize.go
+++ b/internal/ctlsock/sanitize.go
@@ -6,23 +6,25 @@ import (
 )
 
 // SanitizePath adapts filepath.Clean for FUSE paths.
-// 1) A leading slash is dropped
+// 1) Leading slash(es) are dropped
 // 2) It returns "" instead of "."
 // 3) If the cleaned path points above CWD (start with ".."), an empty string
 //    is returned
 // See the TestSanitizePath testcases for examples.
 func SanitizePath(path string) string {
+	// (1)
+	for len(path) > 0 && path[0] == '/' {
+		path = path[1:]
+	}
 	if len(path) == 0 {
 		return ""
 	}
-	// Drop leading slash
-	if path[0] == '/' {
-		path = path[1:]
-	}
 	clean := filepath.Clean(path)
+	// (2)
 	if clean == "." {
 		return ""
 	}
+	// (3)
 	if clean == ".." || strings.HasPrefix(clean, "../") {
 		return ""
 	}
diff --git a/internal/ctlsock/sanitize_test.go b/internal/ctlsock/sanitize_test.go
index bfdf0a7..d79fa7c 100644
--- a/internal/ctlsock/sanitize_test.go
+++ b/internal/ctlsock/sanitize_test.go
@@ -19,6 +19,7 @@ func TestSanitizePath(t *testing.T) {
 		{"foo/../..", ""},
 		{"foo/../../aaaaaa", ""},
 		{"/foo/../../aaaaaa", ""},
+		{"/////", ""},
 	}
 	for _, tc := range testCases {
 		res := SanitizePath(tc[0])
author	Jakob Unterwurzacher	2017-02-05 18:05:35 +0100
committer	Jakob Unterwurzacher	2017-02-05 18:05:35 +0100
commit	8bcae63a5a375d918aad9f2c18804867730378e1 (patch)
tree	c23becd5d3e358082d9165143c3a8ec1233e4a52 /internal
parent	2bdd0ec802611101969a7b59c3bb7a7a1be64e9d (diff)