prog: allow escaping paths but don't generate them

Filename generated escaping paths in the past.
The reason for the check during validation is to
wipe old program from corpuses. Now that they are
hopefully wiped everywhere, we can relax the check
to restrict only filename to not produce escaping paths,
but allow existing programs with escaping paths.
This is useful in particular if we generate syzkaller
programs from strace output.

3 files changed, 13 insertions, 24 deletions

diff --git a/prog/prog_test.go b/prog/prog_test.go
index 29b4d385e..1bc9eb4d5 100644
--- a/prog/prog_test.go
+++ b/prog/prog_test.go
@@ -5,7 +5,6 @@ package prog
 
 import (
 	"bytes"
-	"encoding/hex"
 	"fmt"
 	"math/rand"
 	"strings"
@@ -229,18 +228,10 @@ func TestEscapingPaths(t *testing.T) {
 		"./file":    false,
 		"./file/..": false,
 	}
-	target, err := GetTarget("test", "64")
-	if err != nil {
-		t.Fatal(err)
-	}
-	for path, escaping := range paths {
-		text := fmt.Sprintf("mutate5(&(0x7f0000000000)=\"%s\", 0x0)", hex.EncodeToString([]byte(path)))
-		_, err := target.Deserialize([]byte(text))
-		if !escaping && err != nil {
-			t.Errorf("path %q is detected as escaping (%v)", path, err)
-		}
-		if escaping && (err == nil || !strings.Contains(err.Error(), "sandbox escaping file")) {
-			t.Errorf("path %q is not detected as escaping (%v)", path, err)
+	for path, want := range paths {
+		got := escapingFilename(path)
+		if got != want {
+			t.Errorf("path %q: got %v, want %v", path, got, want)
 		}
 	}
 }
diff --git a/prog/rand.go b/prog/rand.go
index 23b4afcfa..2e028d230 100644
--- a/prog/rand.go
+++ b/prog/rand.go
@@ -157,6 +157,9 @@ func (r *randGen) filename(s *state, typ *BufferType) string {
 	if len(fn) != 0 && fn[len(fn)-1] == 0 {
 		panic(fmt.Sprintf("zero-terminated filename: %q", fn))
 	}
+	if escapingFilename(fn) {
+		panic(fmt.Sprintf("sandbox escaping file name %q", fn))
+	}
 	if !typ.Varlen() {
 		size := typ.Size()
 		if uint64(len(fn)) < size {
@@ -169,6 +172,12 @@ func (r *randGen) filename(s *state, typ *BufferType) string {
 	return fn
 }
 
+func escapingFilename(file string) bool {
+	file = filepath.Clean(file)
+	return len(file) >= 1 && file[0] == '/' ||
+		len(file) >= 2 && file[0] == '.' && file[1] == '.'
+}
+
 var specialFiles = []string{"", "."}
 
 func (r *randGen) filenameImpl(s *state) string {
diff --git a/prog/validation.go b/prog/validation.go
index 632f84509..e7a015c64 100644
--- a/prog/validation.go
+++ b/prog/validation.go
@@ -5,7 +5,6 @@ package prog
 
 import (
 	"fmt"
-	"path/filepath"
 )
 
 var debug = false // enabled in tests
@@ -173,16 +172,6 @@ func (arg *DataArg) validate(ctx *validCtx) error {
 			return fmt.Errorf("string arg '%v' has size %v, which should be %v",
 				typ.Name(), arg.Size(), typ.TypeSize)
 		}
-	case BufferFilename:
-		file := string(arg.data)
-		for len(file) != 0 && file[len(file)-1] == 0 {
-			file = file[:len(file)-1]
-		}
-		file = filepath.Clean(file)
-		if len(file) > 0 && file[0] == '/' ||
-			len(file) > 1 && file[0] == '.' && file[1] == '.' {
-			return fmt.Errorf("sandbox escaping file name %q", string(arg.data))
-		}
 	}
 	return nil
 }