initfs: update: Sanitize whitelist directory entries
Repeatedly strip trailing "/" and "/." from whitelist entries
and fail if an entry includes "/../", ends with "/..", or doesn't
start with a "/". Also use the entries quoted to avoid any glob.
It was noticed the save code was saving directories that ended
in "/" into a subdirectory of the last component name. This was
traced the the code creating the directory just stripping the last
"/" and then copying to the directory.
Choose to sanitize the entry where possible for ease of use verses
a small performance penalty.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
1 file changed