initfs: update: Sanitize whitelist directory entries

Repeatedly strip trailing "/" and "/." from whitelist entries
and fail if an entry includes "/../", ends with "/..", or doesn't
start with a "/".  Also use the entries quoted to avoid any glob.

It was noticed the save code was saving directories that ended
in "/" into a subdirectory of the last component name.  This was
traced the the code creating the directory just stripping the last
"/" and then copying to the directory.

Choose to sanitize the entry where possible for ease of use verses
a small performance penalty.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>

1 files changed, 13 insertions, 2 deletions

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 97d4402ee8..f0c41a74c0 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -173,13 +173,24 @@ then
 
 	while read f
 	do
-		if ! test -e $upper/$f
+		# Entries shall start with /, no trailing /.. or embedded /../
+		if test "/${f#/}" != "$f" -o "${f%/..}" != "${f#*/../}"
+		then
+			echo 1>&2 "WARNING: Skipping bad whitelist entry $f."
+			continue
+		fi
+		if ! test -e "$upper/$f"
 		then
 			continue
 		fi
 		d="$save/$f"
+		while test "${d%/}" != "${d%/.}"
+		do
+			d="${d%/.}"
+			d="${d%/}"
+		done
 		mkdir -p "${d%/*}"
-		cp -rp $upper/$f "${d%/*}/"
+		cp -rp "$upper/$f" "${d%/*}/"
 	done < $whitelist
 
 	if test -n "$mounted"