Make Windows traversal checking handle pathological cases
Different versions of Windows have undocumented quirks in handling path components
(e.g. truncating or ignoring certain leading or trailing characters). In order to avoid potential
security bugs we're going to treat components more loosely and risk a few unlikely false
positives from FilePath::ReferencesParent().
BUG=181617
R=brettw@chromium.org, ericu@chromium.org
Review URL: https://codereview.chromium.org/12771015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@200603 0039d316-1c4b-4281-b951-d872f2087c98
CrOS-Libchrome-Original-Commit: e2af9e8035f5faf863db2e4a67d4a42a1d94a3c6
diff --git a/base/files/file_path.cc b/base/files/file_path.cc
index e9495a1..03ccbcd 100644
--- a/base/files/file_path.cc
+++ b/base/files/file_path.cc
@@ -553,8 +553,15 @@
std::vector<StringType>::const_iterator it = components.begin();
for (; it != components.end(); ++it) {
const StringType& component = *it;
- if (component == kParentDirectory)
+ // Windows has odd, undocumented behavior with path components containing
+ // only whitespace and . characters. So, if all we see is . and
+ // whitespace, then we treat any .. sequence as referencing parent.
+ // For simplicity we enforce this on all platforms.
+ if (component.find_first_not_of(FILE_PATH_LITERAL(". \n\r\t")) ==
+ std::string::npos &&
+ component.find(kParentDirectory) != std::string::npos) {
return true;
+ }
}
return false;
}