prog: allow escaping paths but don't generate them

Filename generated escaping paths in the past. The reason for the check during validation is to wipe old program from corpuses. Now that they are hopefully wiped everywhere, we can relax the check to restrict only filename to not produce escaping paths, but allow existing programs with escaping paths. This is useful in particular if we generate syzkaller programs from strace output.
author: Dmitry Vyukov <dvyukov@google.com> 2018-11-02 17:31:59 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2018-11-02 17:31:59 +0100
commit: 8bd6bd63656d411729c450d452e1355b42adf900 (patch)
tree: e76c534792ca78c4a4d8065b7afedbbb1c75896a /prog/rand.go
parent: 1f38e9aef71ae9e170a69e1f15b7c455a9627e99 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/prog/rand.go b/prog/rand.go
index 23b4afcfa..2e028d230 100644
--- a/prog/rand.go
+++ b/prog/rand.go
@@ -157,6 +157,9 @@ func (r *randGen) filename(s *state, typ *BufferType) string {
 	if len(fn) != 0 && fn[len(fn)-1] == 0 {
 		panic(fmt.Sprintf("zero-terminated filename: %q", fn))
 	}
+	if escapingFilename(fn) {
+		panic(fmt.Sprintf("sandbox escaping file name %q", fn))
+	}
 	if !typ.Varlen() {
 		size := typ.Size()
 		if uint64(len(fn)) < size {
@@ -169,6 +172,12 @@ func (r *randGen) filename(s *state, typ *BufferType) string {
 	return fn
 }
 
+func escapingFilename(file string) bool {
+	file = filepath.Clean(file)
+	return len(file) >= 1 && file[0] == '/' ||
+		len(file) >= 2 && file[0] == '.' && file[1] == '.'
+}
+
 var specialFiles = []string{"", "."}
 
 func (r *randGen) filenameImpl(s *state) string {
author	Dmitry Vyukov <dvyukov@google.com>	2018-11-02 17:31:59 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2018-11-02 17:31:59 +0100
commit	8bd6bd63656d411729c450d452e1355b42adf900 (patch)
tree	e76c534792ca78c4a4d8065b7afedbbb1c75896a /prog/rand.go
parent	1f38e9aef71ae9e170a69e1f15b7c455a9627e99 (diff)