summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2015-12-10 20:16:13 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2015-12-10 20:16:13 +0100
commita4f840ada2b1c005e39f1c7ff0ce442a8c9221ff (patch)
treea51a7e4d87d02abb3d73d97662a5b20c45d2fa08 /src
parent38cccfcf9cb02b5a470dd4de31c528e1d106a100 (diff)
add validation of validsubpath
Change-Id: Iad94669253c7172c33efd482ed7a676c4bd6d936
Diffstat (limited to 'src')
-rw-r--r--src/wgt.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/src/wgt.c b/src/wgt.c
index 9c3cd6e..1ae1a13 100644
--- a/src/wgt.c
+++ b/src/wgt.c
@@ -36,6 +36,7 @@ struct wgt {
char **locales;
};
+/* a valid subpath is a relative path not looking deeper than root using .. */
static int validsubpath(const char *subpath)
{
int l = 0, i = 0;
@@ -63,7 +64,8 @@ static int validsubpath(const char *subpath)
default:
while(subpath[i] && subpath[i] != '/')
i++;
- l++;
+ if (l >= 0)
+ l++;
case '/':
break;
}
@@ -293,3 +295,27 @@ int wgt_locales_open_read(struct wgt *wgt, const char *filename)
}
+#if defined(TEST_wgt_validsubpath)
+#include <stdio.h>
+void t(const char *subpath, int validity) {
+ printf("%s -> %d = %d, %s\n", subpath, validity, validsubpath(subpath), validsubpath(subpath)==validity ? "ok" : "NOT OK");
+}
+int main() {
+ t("/",0);
+ t("..",0);
+ t(".",1);
+ t("../a",0);
+ t("a/..",1);
+ t("a/../////..",0);
+ t("a/../b/..",1);
+ t("a/b/c/..",1);
+ t("a/b/c/../..",1);
+ t("a/b/c/../../..",1);
+ t("a/b/c/../../../.",1);
+ t("./..a/././..b/..c/./.././.././../.",1);
+ t("./..a/././..b/..c/./.././.././.././..",0);
+ t("./..a//.//./..b/..c/./.././/./././///.././.././a/a/a/a/a",1);
+ return 0;
+}
+#endif
+