internal/runtime/cgroup: stricter unescapePath

8 and 9 in escape sequence is invalid now, it should be octal. Escape sequence larger than \377 is invalid now, it does not fit one byte. Change-Id: I3fdebce1d054c44919f0e66a33c778b5a2b099e2 Reviewed-on: https://go-review.googlesource.com/c/go/+/723242 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
2026-02-03 01:15:04 +03:00 · 2025-11-22 11:00:47 +08:00
parent c2af9f14b4
commit cead111a77
2 changed files with 27 additions and 4 deletions
--- a/src/internal/runtime/cgroup/cgroup.go
+++ b/src/internal/runtime/cgroup/cgroup.go
@@ -474,18 +474,21 @@ func unescapePath(out []byte, in []byte) (int, error) {
 			return outi, errInvalidEscape
 		}

-		var outc byte
+		var outc int
 		for i := range 3 {
 			c := in[ini+1+i]
-			if c < '0' || c > '9' {
+			if c < '0' || c > '7' {
 				return outi, errInvalidEscape
 			}

 			outc *= 8
-			outc += c - '0'
+			outc += int(c - '0')
 		}

-		out[outi] = outc
+		if outc > 0xFF {
+			return outi, errInvalidEscape
+		}
+		out[outi] = byte(outc)
 		outi++

 		ini += 4
--- a/src/internal/runtime/cgroup/cgroup_test.go
+++ b/src/internal/runtime/cgroup/cgroup_test.go
@@ -682,3 +682,23 @@ b/c`,
 		}
 	})
 }
+
+func TestUnescapeInvalidPath(t *testing.T) {
+	for _, in := range []string{
+		`/a/b\c`,
+		`/a/b\01`,
+		`/a/b\018`,
+		`/a/b\01c`,
+		`/a/b\777`,
+		`01234567890123456789`,                 // too long
+		`\001\002\003\004\005\006\007\010\011`, // too long
+	} {
+		out := make([]byte, 8)
+		t.Run(in, func(t *testing.T) {
+			_, err := cgroup.UnescapePath(out, []byte(in))
+			if err == nil {
+				t.Errorf("unescapePath got nil err, want non-nil")
+			}
+		})
+	}
+}