From a4f840ada2b1c005e39f1c7ff0ce442a8c9221ff Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
Date: Thu, 10 Dec 2015 20:16:13 +0100
Subject: [PATCH] add validation of validsubpath

Change-Id: Iad94669253c7172c33efd482ed7a676c4bd6d936
---
 src/wgt.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/wgt.c b/src/wgt.c
index 9c3cd6e..1ae1a13 100644
--- a/src/wgt.c
+++ b/src/wgt.c
@@ -36,6 +36,7 @@ struct wgt {
 	char **locales;
 };
 
+/* a valid subpath is a relative path not looking deeper than root using .. */
 static int validsubpath(const char *subpath)
 {
 	int l = 0, i = 0;
@@ -63,7 +64,8 @@ static int validsubpath(const char *subpath)
 		default:
 			while(subpath[i] && subpath[i] != '/')
 				i++;
-			l++;
+			if (l >= 0)
+				l++;
 		case '/':
 			break;
 		}
@@ -293,3 +295,27 @@ int wgt_locales_open_read(struct wgt *wgt, const char *filename)
 }
 
 
+#if defined(TEST_wgt_validsubpath)
+#include <stdio.h>
+void t(const char *subpath, int validity) {
+  printf("%s -> %d = %d, %s\n", subpath, validity, validsubpath(subpath), validsubpath(subpath)==validity ? "ok" : "NOT OK");
+}
+int main() {
+  t("/",0);
+  t("..",0);
+  t(".",1);
+  t("../a",0);
+  t("a/..",1);
+  t("a/../////..",0);
+  t("a/../b/..",1);
+  t("a/b/c/..",1);
+  t("a/b/c/../..",1);
+  t("a/b/c/../../..",1);
+  t("a/b/c/../../../.",1);
+  t("./..a/././..b/..c/./.././.././../.",1);
+  t("./..a/././..b/..c/./.././.././.././..",0);
+  t("./..a//.//./..b/..c/./.././/./././///.././.././a/a/a/a/a",1);
+  return 0;
+}
+#endif
+
-- 
2.16.6