| author | Dmitry Vyukov <dvyukov@google.com> | 2018-07-08 17:35:15 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-07-08 22:52:24 +0200 |
| commit | 1c667063a8d344ba09336ad43c69a2de5487f056 (patch) | |
| tree | 2db9e4c2917f18cc770ad2ea850eb19fc2cef0d3 /prog/prog_test.go | |
| parent | 306ca0571c5d906ce76df97bd1ea54f4e0e50240 (diff) | |
prog: don't generate filenames that escape sandbox
All files that the fuzzer works with must be in the working dir.
Using "/" is known to cause problems when the fuzzer
removes files there or mounts something.
Diffstat (limited to 'prog/prog_test.go')
| -rw-r--r-- | prog/prog_test.go | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/prog/prog_test.go b/prog/prog_test.go
index e83310b32..5d4c2dac3 100644
--- a/prog/prog_test.go
+++ b/prog/prog_test.go
@@ -5,6 +5,7 @@ package prog
 
 import (
 "bytes"
+ "encoding/hex"
 "fmt"
 "math/rand"
 "strings"
@@ -210,3 +211,36 @@ func TestSpecialStructs(t *testing.T) {
 }
 })
 }
+
+func TestEscapingPaths(t *testing.T) {
+ paths := map[string]bool{
+ "/": true,
+ "/\x00": true,
+ "/file/..": true,
+ "/file/../..": true,
+ "./..": true,
+ "..": true,
+ "file/../../file": true,
+ "../file": true,
+ "./file/../../file/file": true,
+ "": false,
+ ".": false,
+ "file": false,
+ "./file": false,
+ "./file/..": false,
+ }
+ target, err := GetTarget("test", "64")
+ if err != nil {
+ t.Fatal(err)
+ }
+ for path, escaping := range paths {
+ text := fmt.Sprintf("mutate5(&(0x7f0000000000)=\"%s\", 0x0)", hex.EncodeToString([]byte(path)))
+ _, err := target.Deserialize([]byte(text))
+ if !escaping && err != nil {
+ t.Errorf("path %q is detected as escaping (%v)", path, err)
+ }
+ if escaping && (err == nil || !strings.Contains(err.Error(), "sandbox escaping file")) {
+ t.Errorf("path %q is not detected as escaping (%v)", path, err)
+ }
+ }
+}
|
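Review bot: The `paths` table in TestEscapingPaths has no plain absolute path below the root: every absolute entry (`"/"`, `"/\x00"`, `"/file/.."`, `"/file/../.."`) resolves to the root itself, so a check that rejected only the root and a leading `..` would still pass this test. Adding `"/file": true,` and `"/file/file": true,` would pin the rule from the commit message that all files must be in the working dir. A name that merely begins with two dots, such as `"..file"`, is also untested; whichever verdict is intended, a table entry would document it. The test exercises only `Deserialize`; whether the generation and mutation paths are covered is not visible here, since the diffstat is limited to this file.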
