fix fix fix
rcrozean committed Nov 10, 2023
1 parent 32a1a70 commit d948b1f
Showing 1 changed file with 48 additions and 30 deletions.
@@ -1,7 +1,8 @@
From c253019adf35b956a3a8975aec95f7c53987bd33 Mon Sep 17 00:00:00 2001
From f268c1ac845737c230189e44663213ffc8af0fef Mon Sep 17 00:00:00 2001
From: Damien Neil <[email protected]>
Date: Wed, 9 Nov 2022 17:49:44 -0800
Subject: [PATCH] path/filepath: fix various issues in parsing Windows paths
Subject: [PATCH] path/filepath: fix various issues in
parsing Windows paths

# AWS EKS

@@ -14,9 +15,11 @@ Source Commit: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb
https://github.com/golang/go/commit/6d0bf438e302afcb0db5422ea2da59d1995e08c1

In addition to the CVE fix https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae,
https://github.com/golang/go/commit/6d0bf438e302afcb0db5422ea2da59d1995e08c1 was cherry-picked to include expected functions and
tests expected in the CVE fix commit. Additionally, for the purpose of
tests I added the line to api/go1.19.txt which is used for checking the

https://github.com/golang/go/commit/45b98bfb793923c539f9a959c3047d2e5fe2ebf0 &
https://github.com/golang/go/commit/6d0bf438e302afcb0db5422ea2da59d1995e08c1 were
cherry-picked to include expected functions and tests expected in the CVE fix commit.
Additionally, for the purpose of tests I added the line to api/go1.19.txt which is used for checking the
function calls exist as expected.

# Original Information
@@ -69,9 +72,7 @@ Reviewed-on: https://go-review.googlesource.com/c/go/+/539276
Auto-Submit: Heschi Kreinick <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

-----

Commit: https://github.com/golang/go/commit/45b98bfb793923c539f9a959c3047d2e5fe2ebf0
commit: https://github.com/golang/go/commit/6d0bf438e302afcb0db5422ea2da59d1995e08c1

[release-branch.go1.21] path/filepath: don't drop .. elements when cleaning invalid Windows paths

@@ -97,10 +98,7 @@ Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Run-TryBot: Dmitri Shuralyov <[email protected]>

-----

Commit: https://github.com/golang/go/commit/6d0bf438e302afcb0db5422ea2da59d1995e08c1

commit: https://github.com/golang/go/commit/45b98bfb793923c539f9a959c3047d2e5fe2ebf0

path/filepath: add IsLocal

@@ -129,8 +127,8 @@ Reviewed-by: Joedian Reid <[email protected]>
src/path/filepath/path_plan9.go | 4 +
src/path/filepath/path_test.go | 138 ++++++++++++-
src/path/filepath/path_unix.go | 4 +
src/path/filepath/path_windows.go | 229 ++++++++++++++++++----
9 files changed, 461 insertions(+), 83 deletions(-)
src/path/filepath/path_windows.go | 239 ++++++++++++++++++----
9 files changed, 468 insertions(+), 86 deletions(-)
create mode 100644 src/path/filepath/path_nonwindows.go

diff --git a/api/go1.19.txt b/api/go1.19.txt
@@ -653,10 +651,10 @@ index 93fdfdd8a0..ab1d08d356 100644
func IsAbs(path string) bool {
return strings.HasPrefix(path, "/")
diff --git a/src/path/filepath/path_windows.go b/src/path/filepath/path_windows.go
index b4d8ac3301..8c5513737d 100644
index b4d8ac3301..134114a39d 100644
--- a/src/path/filepath/path_windows.go
+++ b/src/path/filepath/path_windows.go
@@ -5,8 +5,11 @@
@@ -5,14 +5,24 @@
package filepath

import (
@@ -668,7 +666,20 @@ index b4d8ac3301..8c5513737d 100644
)

func isSlash(c uint8) bool {
@@ -22,18 +25,37 @@ var reservedNames = []string{
return c == '\\' || c == '/'
}

+func toUpper(c byte) byte {
+ if 'a' <= c && c <= 'z' {
+ return c - ('a' - 'A')
+ }
+ return c
+}
+
// reservedNames lists reserved Windows names. Search for PRN in
// https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file
// for details.
@@ -22,25 +32,41 @@ var reservedNames = []string{
"LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
}

@@ -682,39 +693,46 @@ index b4d8ac3301..8c5513737d 100644
+ }
+ if isSlash(path[0]) {
+ // Path rooted in the current drive.
+ return false
+ }
+ if strings.IndexByte(path, ':') >= 0 {
+ // Colons are only valid when marking a drive letter ("C:foo").
+ // Rejecting any path with a colon is conservative but safe.
return false
}
- for _, reserved := range reservedNames {
- if strings.EqualFold(path, reserved) {
- return true
+ if strings.IndexByte(path, ':') >= 0 {
+ // Colons are only valid when marking a drive letter ("C:foo").
+ // Rejecting any path with a colon is conservative but safe.
+ return false
+ }
+ hasDots := false // contains . or .. path elements
+ for p := path; p != ""; {
+ var part string
+ part, p, _ = cutPath(p)
+ if part == "." || part == ".." {
+ hasDots = true
}
+ }
+ if safefilepath.IsReservedName(part) {
+ return false
+ }
+ }
}
}
- return false
+ if hasDots {
+ path = Clean(path)
+ }
+ if path == ".." || strings.HasPrefix(path, `..\`) {
+ return false
}
- return false
+ }
+ return true
}

// IsAbs reports whether the path is absolute.
@@ -58,40 +80,110 @@ func IsAbs(path string) (b bool) {
func IsAbs(path string) (b bool) {
- if isReservedName(path) {
- return true
- }
l := volumeNameLen(path)
if l == 0 {
return false
@@ -58,40 +84,110 @@ func IsAbs(path string) (b bool) {

// volumeNameLen returns length of the leading volume name on Windows.
// It returns 0 elsewhere.
@@ -852,7 +870,7 @@ index b4d8ac3301..8c5513737d 100644
}

// HasPrefix exists for historical compatibility and should not be used.
@@ -151,9 +243,44 @@ func abs(path string) (string, error) {
@@ -151,9 +247,44 @@ func abs(path string) (string, error) {
}

func join(elem []string) string {
@@ -900,7 +918,7 @@ index b4d8ac3301..8c5513737d 100644
}
}
return ""
@@ -202,3 +329,29 @@ func isUNC(path string) bool {
@@ -202,3 +333,29 @@ func isUNC(path string) bool {
func sameWord(a, b string) bool {
return strings.EqualFold(a, b)
}
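Review bot: The two `commit:` labels this change writes above the embedded cherry-pick messages look swapped relative to the lines they replace. As far as the rendered hunks show, the removed text paired `45b98bfb…` with "[release-branch.go1.21] path/filepath: don't drop .. elements when cleaning invalid Windows paths" and `6d0bf438…` with "path/filepath: add IsLocal", while the new text pairs them the other way round. Only one mapping can match upstream, so each hash should be checked against golang/go before this lands; in a CVE backport this header is the provenance record an auditor uses to confirm which upstream changes the patch carries. The `-----` separators between the embedded messages were also dropped, and I would keep them so the boundary between cherry-picks stays visible.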
