From 93ecd26306532dd9b139aaaa25f50444716e35af Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Sat, 28 Mar 2026 09:12:15 +0000
Subject: TODO

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/lib/file.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'util/libreboot-utils/lib/file.c')

diff --git a/util/libreboot-utils/lib/file.c b/util/libreboot-utils/lib/file.c
index 4623748c..3620f425 100644
--- a/util/libreboot-utils/lib/file.c
+++ b/util/libreboot-utils/lib/file.c
@@ -691,6 +691,10 @@ rootfs(void)
 }
 
 /* filesystem sandboxing in userspace
+ * TODO:
+	missing length bound check.
+	potential CPU DoS on very long paths, spammed repeatedly.
+	perhaps cap at PATH_LEN?
  */
 int
 fs_resolve_at(int dirfd, const char *path, int flags)
@@ -754,6 +758,15 @@ err:
 	return -1;
 }
 
+/* NOTE:
+	rejects . and .. but not empty strings
+	after normalisation. edge case:
+	//////
+
+	normalised implicitly, but might be good
+	to add a defensive check regardless. code
+	probably not exploitable in current state.
+ */
 int
 fs_next_component(const char **p,
     char *name, size_t namesz)
-- 
cgit v1.2.1