On Wed, 2020-04-29 at 11:52:54 +0200, Helmut Grohne wrote:
> On Wed, Apr 29, 2020 at 11:28:08AM +0200, Guillem Jover wrote:
> > Thanks! I notice this is susceptible to directory traversals. I've
> > amended it and added comments in the attached version. I'm thinking
> > I'll need to add unit tests to cover for this among other similar
> > issues.
>
> I don't think your adaption is correct. Traversing the root directory is
> actually supported. /../ resolves to /. Returning an error there is not
> correct.

You are absolutely right, thanks! What tripped me over was a test result
where the directory traversal was returning empty strings, which should
have been obvious was not traversing anything. :)

  $ readlink /tmp/symlinks/root-dir/out
  ../../../../..

I think the correct change is the one attached, which makes sure to
return /.

Regards,
Guillem
Attachment:
readlink_f.sh
Description: Bourne shell script
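
The root-clamping behaviour discussed in this thread, as an added example that is not part of the original message or of the attached readlink_f.sh. The helper names `canon_path` and `link_dest` are hypothetical, the inputs are constructed, and resolution here is purely lexical (no symlink lookups on disk).

```shell
#!/bin/sh
# Added example; canon_path and link_dest are hypothetical helpers.

# Lexically canonicalize an absolute path: drop "." and empty components,
# pop one component per "..", and never climb above "/".
canon_path() {
  result=
  old_ifs=$IFS
  IFS=/
  set -f                             # no globbing while splitting on "/"
  for comp in $1; do
    case $comp in
      ''|.) ;;                       # "//" and "/./" add nothing
      ..) result=${result%/*} ;;     # at the root this leaves "" unchanged
      *) result=$result/$comp ;;
    esac
  done
  set +f
  IFS=$old_ifs
  # Empty means "at the root": report "/" rather than an empty string.
  printf '%s\n' "${result:-/}"
}

# Destination of a symlink located in directory $1 whose target is $2.
link_dest() {
  case $2 in
    /*) canon_path "$2" ;;           # absolute target: restart from "/"
    *)  canon_path "$1/$2" ;;        # relative target: start at the link's dir
  esac
}

# Constructed inputs modelled on the symlink quoted in the message.
link_dest / ../../../../..
link_dest /usr/lib ../share/./doc//x
```

A lexical pass like this differs from a full `readlink -f` when an intermediate component is itself a symlink, since `..` must then be applied to the symlink's destination rather than to the textual path.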