commit 054cd6b98fbb367f781b25084661076f5c1fe4b1
from: Omar Polo <op@omarpolo.com>
date: Tue Dec 14 17:24:39 2021 UTC

Twalk: validate path component

disallow empty path, the dot or components which contains the path
separator ('/').  The current implementation transforms these into a
"can't open" type of failure, I'm unsure if we want to turn these into
hard Rerror.

commit - bc87198fd5aeb42bcff0ec36d425af6a1956e457
commit + 054cd6b98fbb367f781b25084661076f5c1fe4b1
blob - 14cb21d918481f2613d20751cddbb567cfddba36
blob + 86d1c8a51a4c7c63249f0344ed9cc3e51c1597be
--- client.c
+++ client.c
@@ -951,6 +951,13 @@ twalk(struct np_msg_header *hdr, const uint8_t *data, 
 			return;
 		}
 
+		if (*wnam == '\0' || 
+		    strchr(wnam, '/') != NULL ||
+		    !strcmp(wnam, ".")) {
+			errno = EINVAL;
+			goto cantopen;
+		}
+
 		if ((fd = openat(oldfd, wnam, O_RDONLY|O_DIRECTORY)) == -1 &&
 		    errno != ENOTDIR) {
 			nwqid--;