From fa863865097b9b7148939c5e6064aff35b638657 Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Mon, 27 Mar 2023 21:06:30 -0500 Subject: [PATCH] Enforce MAX_FILE_NAME_LEN on implied directory names A test is added to verify this check. --- gatekeeper.pl | 7 +++++++ testsuite/gatekeeper.all/01_loose.exp | 17 ++++++++++++++++- testsuite/lib/gatekeeper.exp | 8 +++++++- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index 839de84..8c80b00 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -1807,6 +1807,13 @@ sub interpret_directive { next; } + # Do not allow directories to be implied with overlength names. + if (grep length > MAX_FILE_NAME_LEN, @dirs) { + push @errors, "directory name too long, in $val"; + push @trace, [' ^--', 'a component of this name is too long']; + next; + } + # Only let them specify one directory directive. if (defined $header{directory}) { push @errors, diff --git a/testsuite/gatekeeper.all/01_loose.exp b/testsuite/gatekeeper.all/01_loose.exp index d6d54c5..61ef41b 100644 --- a/testsuite/gatekeeper.all/01_loose.exp +++ b/testsuite/gatekeeper.all/01_loose.exp @@ -1,6 +1,6 @@ # Tests for processing standalone directives -# Copyright (C) 2021, 2022 Jacob Bachmeyer +# Copyright (C) 2021, 2022, 2023 Jacob Bachmeyer # # This file is part of a testsuite for the GNU FTP upload system. # 
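Review bot: The new error string in the gatekeeper.pl hunk interpolates `$val` unchanged, and on this branch `$val` is known to contain an overlength component, so the full oversized name is copied into `@errors` and from there into the log line that the new test pattern matches. If nothing downstream needs the complete value, report a bounded form instead, e.g. `push @errors, "directory name too long, in ".substr($val, 0, MAX_FILE_NAME_LEN)."...";`. It would also help to add a comment saying whether `length` counts bytes or characters here, since that depends on whether the directive text has been decoded, and a filesystem name limit is normally a byte count. interpret_directive begins and ends outside the hunk, so any earlier validation of `$val` is not visible.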
@@ -243,6 +243,21 @@ check_loose_directive "bogus: signed with wrong key and too deep" { ftp-upload-script@gnu.org ftp-upload-report@gnu.org } +check_loose_directive "bogus: signed with wrong key and too long" [list \ + directive [subst { + version 1.2 + directory foo/[string repeat long 100]/bar + no-op "" + comment "do nothing" + }] dsig { good 01 1001 }] file-tree { + { inbox stage pub archive } empty {} + { scratch } files { .foo.directive.asc } +} log { + validate,bad-directory-length "excessively long directory name rejected" +} email-to { + ftp-upload-script@gnu.org ftp-upload-report@gnu.org +} + check_loose_directive "bogus: signed for bogus package" { directive { version 1.2 diff --git a/testsuite/lib/gatekeeper.exp b/testsuite/lib/gatekeeper.exp index 66461ff..2433220 100644 --- a/testsuite/lib/gatekeeper.exp +++ b/testsuite/lib/gatekeeper.exp @@ -1,6 +1,6 @@ # DejaGnu tool init file for GNU FTP upload handler tests -# Copyright (C) 2021, 2022 Jacob Bachmeyer +# Copyright (C) 2021, 2022, 2023 Jacob Bachmeyer # # This file is part of a testsuite for the GNU FTP upload system. # @@ -599,6 +599,12 @@ proc analyze_log { base_dir name assess } { set A(validate,bad-directory-depth,$expect_out(1,string)) 1 exp_continue } + -re {^gatekeeper\[[0-9]+\]: \(Test\) \[PS\]\ + directory name too long, in [^\r\n]+} { + # from interpret_directive, when a name is too long + set A(validate,bad-directory-length) 1 + exp_continue + } -re {^gatekeeper\[[0-9]+\]: \(Test\) \[PS\]\ Only one directory directive is allowed per [^\r\n]+} { # from parse_directory_line, if directory repeated -- 2.25.1
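Review bot: The added case "bogus: signed with wrong key and too long" only exercises a component far over the limit (`[string repeat long 100]`, 400 characters, in the middle of the path), so an off-by-one in the `length > MAX_FILE_NAME_LEN` comparison would still pass this test. Consider adding two boundary cases: one with a component of exactly the limit that is not rejected for length, and one with a component one character longer that logs `validate,bad-directory-length`. A variant with the overlong component as the first or last element of the path would also confirm that every element is checked. The limit's value is not visible in this patch, so the repeat counts would have to be derived from the constant in gatekeeper.pl.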