@@ -1514,13 +1514,19 @@ struct RealPathTestCase realPathDefault[] = {
15141514 "/C:/Users/fred/Documents/junk.txt" },
15151515 { "/C:\\Users\\fred/Documents\\junk.txt" ,
15161516 "/C:/Users/fred/Documents/junk.txt" },
1517+ /* Root-preservation / path-traversal prevention */
1518+ { "/../etc/passwd" , "/etc/passwd" },
1519+ { "/../../../etc/passwd" , "/etc/passwd" },
1520+ { "/C:/../../etc/passwd" , "/etc/passwd" },
15171521};
15181522
15191523struct RealPathTestCase realPathNull [] = {
15201524 { "." , "/" },
15211525 { "" , "/" },
15221526 { ".." , "/" },
15231527 { "../barney" , "/barney" },
1528+ { "/../etc/passwd" , "/etc/passwd" },
1529+ { "/../../../etc/passwd" , "/etc/passwd" },
15241530};
15251531
15261532static void DoRealPathTestCase (const char * path , struct RealPathTestCase * tc )
@@ -1534,14 +1540,8 @@ static void DoRealPathTestCase(const char* path, struct RealPathTestCase* tc)
15341540 WMEMSET (checkPath , 0 , sizeof checkPath );
15351541 err = wolfSSH_RealPath (path , testPath ,
15361542 checkPath , sizeof checkPath );
1537- if (err || WSTRCMP (tc -> exp , checkPath ) != 0 ) {
1538- fprintf (stderr , "RealPath failure (%d)\n"
1539- " defaultPath: %s\n"
1540- " input: %s\n"
1541- " expected: %s\n"
1542- " output: %s\n" , err ,
1543- path , tc -> in , tc -> exp , checkPath );
1544- }
1543+ AssertIntEQ (err , WS_SUCCESS );
1544+ AssertStrEQ (tc -> exp , checkPath );
15451545}
15461546
15471547
@@ -1571,14 +1571,7 @@ static void DoRealPathTestFailCase(struct RealPathTestFailCase* tc)
15711571 WMEMSET (checkPath , 0 , sizeof checkPath );
15721572 err = wolfSSH_RealPath (tc -> defaultPath , testPath ,
15731573 checkPath , tc -> checkPathSz );
1574- if (err != tc -> expErr ) {
1575- fprintf (stderr , "RealPath fail check failure (%d)\n"
1576- " defaultPath: %s\n"
1577- " input: %s\n"
1578- " checkPathSz: %u\n"
1579- " expected: %d\n" , err ,
1580- tc -> defaultPath , tc -> in , tc -> checkPathSz , tc -> expErr );
1581- }
1574+ AssertIntEQ (err , tc -> expErr );
15821575}
15831576
15841577
0 commit comments