path: fix normalize paths ending with two dots

Fixes: https://github.com/nodejs/security/issues/147 PR-URL: https://github.com/nodejs-private/node-private/pull/94 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Doug Wilson <doug@somethingdoug.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
author: Michaël Zasso <targos@protonmail.com> 2017-09-26 10:32:04 +0200
committer: James M Snell <jasnell@gmail.com> 2017-09-26 14:59:54 -0700
commit: cfee1c977867defa2866eebb23a9fabec4003f52 (patch)
tree: 6c1d0569059145ef8f6ec4e90fadb224bcd126c3 /lib
parent: 05e4c1d6bcc6499c23d47b57f97038117341a5eb (diff)
download: android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.tar.gz
android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.tar.bz2
android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.zip
1 files changed, 20 insertions, 16 deletions
diff --git a/lib/path.js b/lib/path.js
index 24f6ed617f..9ac8a2450b 100644
--- a/lib/path.js
+++ b/lib/path.js
@@ -32,10 +32,10 @@ function assertPath(path) {
 // Resolves . and .. elements in a path with directory names
 function normalizeStringWin32(path, allowAboveRoot) {
   var res = '';
+  var lastSegmentLength = 0;
   var lastSlash = -1;
   var dots = 0;
   var code;
-  var isAboveRoot = false;
   for (var i = 0; i <= path.length; ++i) {
     if (i < path.length)
       code = path.charCodeAt(i);
@@ -47,7 +47,7 @@ function normalizeStringWin32(path, allowAboveRoot) {
       if (lastSlash === i - 1 || dots === 1) {
         // NOOP
       } else if (lastSlash !== i - 1 && dots === 2) {
-        if (res.length < 2 || !isAboveRoot ||
+        if (res.length < 2 || lastSegmentLength !== 2 ||
             res.charCodeAt(res.length - 1) !== 46/*.*/ ||
             res.charCodeAt(res.length - 2) !== 46/*.*/) {
           if (res.length > 2) {
@@ -58,20 +58,22 @@ function normalizeStringWin32(path, allowAboveRoot) {
                 break;
             }
             if (j !== start) {
-              if (j === -1)
+              if (j === -1) {
                 res = '';
-              else
+                lastSegmentLength = 0;
+              } else {
                 res = res.slice(0, j);
+                lastSegmentLength = j;
+              }
               lastSlash = i;
               dots = 0;
-              isAboveRoot = false;
               continue;
             }
           } else if (res.length === 2 || res.length === 1) {
             res = '';
+            lastSegmentLength = 0;
             lastSlash = i;
             dots = 0;
-            isAboveRoot = false;
             continue;
           }
         }
@@ -80,14 +82,14 @@ function normalizeStringWin32(path, allowAboveRoot) {
             res += '\\..';
           else
             res = '..';
-          isAboveRoot = true;
+          lastSegmentLength = 2;
         }
       } else {
         if (res.length > 0)
           res += '\\' + path.slice(lastSlash + 1, i);
         else
           res = path.slice(lastSlash + 1, i);
-        isAboveRoot = false;
+        lastSegmentLength = i - lastSlash - 1;
       }
       lastSlash = i;
       dots = 0;
@@ -103,10 +105,10 @@ function normalizeStringWin32(path, allowAboveRoot) {
 // Resolves . and .. elements in a path with directory names
 function normalizeStringPosix(path, allowAboveRoot) {
   var res = '';
+  var lastSegmentLength = 0;
   var lastSlash = -1;
   var dots = 0;
   var code;
-  var isAboveRoot = false;
   for (var i = 0; i <= path.length; ++i) {
     if (i < path.length)
       code = path.charCodeAt(i);
@@ -118,7 +120,7 @@ function normalizeStringPosix(path, allowAboveRoot) {
       if (lastSlash === i - 1 || dots === 1) {
         // NOOP
       } else if (lastSlash !== i - 1 && dots === 2) {
-        if (res.length < 2 || !isAboveRoot ||
+        if (res.length < 2 || lastSegmentLength !== 2 ||
             res.charCodeAt(res.length - 1) !== 46/*.*/ ||
             res.charCodeAt(res.length - 2) !== 46/*.*/) {
           if (res.length > 2) {
@@ -129,20 +131,22 @@ function normalizeStringPosix(path, allowAboveRoot) {
                 break;
             }
             if (j !== start) {
-              if (j === -1)
+              if (j === -1) {
                 res = '';
-              else
+                lastSegmentLength = 0;
+              } else {
                 res = res.slice(0, j);
+                lastSegmentLength = j;
+              }
               lastSlash = i;
               dots = 0;
-              isAboveRoot = false;
               continue;
             }
           } else if (res.length === 2 || res.length === 1) {
             res = '';
+            lastSegmentLength = 0;
             lastSlash = i;
             dots = 0;
-            isAboveRoot = false;
             continue;
           }
         }
@@ -151,14 +155,14 @@ function normalizeStringPosix(path, allowAboveRoot) {
             res += '/..';
           else
             res = '..';
-          isAboveRoot = true;
+          lastSegmentLength = 2;
         }
       } else {
         if (res.length > 0)
           res += '/' + path.slice(lastSlash + 1, i);
         else
           res = path.slice(lastSlash + 1, i);
-        isAboveRoot = false;
+        lastSegmentLength = i - lastSlash - 1;
       }
       lastSlash = i;
       dots = 0;
author	Michaël Zasso <targos@protonmail.com>	2017-09-26 10:32:04 +0200
committer	James M Snell <jasnell@gmail.com>	2017-09-26 14:59:54 -0700
commit	cfee1c977867defa2866eebb23a9fabec4003f52 (patch)
tree	6c1d0569059145ef8f6ec4e90fadb224bcd126c3 /lib
parent	05e4c1d6bcc6499c23d47b57f97038117341a5eb (diff)
download	android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.tar.gz android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.tar.bz2 android-node-v8-cfee1c977867defa2866eebb23a9fabec4003f52.zip