* Sanitize a string from the client so that it's OK to be inserted into a * filesystem path. Specifically, we disallow directory separators, runs * of "..", and trailing and leading dots, which means that the client * cannot escape our base path via ".." traversal. */
| 558 | * cannot escape our base path via ".." traversal. |
| 559 | */ |
| 560 | static void sanitize_client(struct strbuf *out, const char *in) |
| 561 | { |
| 562 | for (; *in; in++) { |
| 563 | if (is_dir_sep(*in)) |
| 564 | continue; |
| 565 | if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.')) |
| 566 | continue; |
| 567 | strbuf_addch(out, *in); |
| 568 | } |
| 569 | |
| 570 | while (out->len && out->buf[out->len - 1] == '.') |
| 571 | strbuf_setlen(out, out->len - 1); |
| 572 | } |
| 573 | |
| 574 | /* |
| 575 | * Like sanitize_client, but we also perform any canonicalization |
no test coverage detected