From 8bcae63a5a375d918aad9f2c18804867730378e1 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 5 Feb 2017 18:05:35 +0100 Subject: ctlsock: sanitize: handle multiple leading slashes --- internal/ctlsock/sanitize.go | 12 +++++++----- internal/ctlsock/sanitize_test.go | 1 + 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/internal/ctlsock/sanitize.go b/internal/ctlsock/sanitize.go index 22a8a1c..7cf77a5 100644 --- a/internal/ctlsock/sanitize.go +++ b/internal/ctlsock/sanitize.go @@ -6,23 +6,25 @@ import ( ) // SanitizePath adapts filepath.Clean for FUSE paths. -// 1) A leading slash is dropped +// 1) Leading slash(es) are dropped // 2) It returns "" instead of "." // 3) If the cleaned path points above CWD (start with ".."), an empty string // is returned // See the TestSanitizePath testcases for examples. func SanitizePath(path string) string { + // (1) + for len(path) > 0 && path[0] == '/' { + path = path[1:] + } if len(path) == 0 { return "" } - // Drop leading slash - if path[0] == '/' { - path = path[1:] - } clean := filepath.Clean(path) + // (2) if clean == "." { return "" } + // (3) if clean == ".." || strings.HasPrefix(clean, "../") { return "" } diff --git a/internal/ctlsock/sanitize_test.go b/internal/ctlsock/sanitize_test.go index bfdf0a7..d79fa7c 100644 --- a/internal/ctlsock/sanitize_test.go +++ b/internal/ctlsock/sanitize_test.go @@ -19,6 +19,7 @@ func TestSanitizePath(t *testing.T) { {"foo/../..", ""}, {"foo/../../aaaaaa", ""}, {"/foo/../../aaaaaa", ""}, + {"/////", ""}, } for _, tc := range testCases { res := SanitizePath(tc[0]) -- cgit v1.2.3