diff options
author | José Bollo <jose.bollo@iot.bzh> | 2015-12-10 20:16:13 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2015-12-10 20:16:13 +0100 |
commit | a4f840ada2b1c005e39f1c7ff0ce442a8c9221ff (patch) | |
tree | a51a7e4d87d02abb3d73d97662a5b20c45d2fa08 | |
parent | 38cccfcf9cb02b5a470dd4de31c528e1d106a100 (diff) |
add validation of validsubpath
Change-Id: Iad94669253c7172c33efd482ed7a676c4bd6d936
-rw-r--r-- | src/wgt.c | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -36,6 +36,7 @@ struct wgt { char **locales; }; +/* a valid subpath is a relative path not looking deeper than root using .. */ static int validsubpath(const char *subpath) { int l = 0, i = 0; @@ -63,7 +64,8 @@ static int validsubpath(const char *subpath) default: while(subpath[i] && subpath[i] != '/') i++; - l++; + if (l >= 0) + l++; case '/': break; } @@ -293,3 +295,27 @@ int wgt_locales_open_read(struct wgt *wgt, const char *filename) } +#if defined(TEST_wgt_validsubpath) +#include <stdio.h> +void t(const char *subpath, int validity) { + printf("%s -> %d = %d, %s\n", subpath, validity, validsubpath(subpath), validsubpath(subpath)==validity ? "ok" : "NOT OK"); +} +int main() { + t("/",0); + t("..",0); + t(".",1); + t("../a",0); + t("a/..",1); + t("a/../////..",0); + t("a/../b/..",1); + t("a/b/c/..",1); + t("a/b/c/../..",1); + t("a/b/c/../../..",1); + t("a/b/c/../../../.",1); + t("./..a/././..b/..c/./.././.././../.",1); + t("./..a/././..b/..c/./.././.././.././..",0); + t("./..a//.//./..b/..c/./.././/./././///.././.././a/a/a/a/a",1); + return 0; +} +#endif + |