paths: Reject dotdots above root

This changes the behavior of paths that attempt to navigate above root to now return LFS_ERR_INVAL: - before: lfs_stat("../a") => 0 - after: lfs_stat("../a") => LFS_ERR_INVAL This is a bit of an opinionated change while making other path resolution tweaks. In terms of POSIX-compatibility, it's a bit unclear exactly what dotdots above the root should do. POSIX notes: > As a special case, in the root directory, dot-dot may refer to the > root directory itself. But the word choice of "may" implies it is up to the implementation. I originally implement this as a root-loop simply because that is what my Linux machine does, but I now think that's not the best option. Since we're making other path-related tweaks, we might as well try to adopt behavior that is, in my opinion, safer and less... weird... This should also help make paths more consistent with future theoretical openat-list APIs, where saturating at the current directory is sort of the least expected behavior.
littlefs-project · Nov 23, 2024 · 39c3c66 · 39c3c66
1 parent f23118b
commit 39c3c66
Show file tree

Hide file tree

Showing 2 changed files with 182 additions and 182 deletions.
diff --git a/lfs.c b/lfs.c
@@ -1500,13 +1500,17 @@ static lfs_stag_t lfs_dir_find(lfs_t *lfs, lfs_mdir_t *dir,
         }
         lfs_size_t namelen = strcspn(name, "/");
 
-        // skip '.' and root '..'
-        if ((namelen == 1 && memcmp(name, ".", 1) == 0) ||
-            (namelen == 2 && memcmp(name, "..", 2) == 0)) {
+        // skip '.'
+        if (namelen == 1 && memcmp(name, ".", 1) == 0) {
             name += namelen;
             goto nextname;
         }
 
+        // error on unmatched '..', trying to go above root?
+        if (namelen == 2 && memcmp(name, "..", 2) == 0) {
+            return LFS_ERR_INVAL;
+        }
+
         // skip if matched by '..' in name
         const char *suffix = name + namelen;
         lfs_size_t sufflen;