lib/osutil: Prevent infinite Glob recursion (fixes #3577)

[tpng]

This prevents filepath.Split(pattern) from returning the same dir value as pattern which cause infinite recursion on bad input.

Testing

In GUI, click "Add folder".
In folder path type: \?\C:\Users

[calmh]

@st-jenkins add to white list

[calmh]

Awesome. Could you add a test for this also, that runs on windows only?

[tpng]

Added test for Windows that will panic on unfixed code.

[AudriusButkevicius]

You should check the runtime.GOOS or add +build windows to the header, as this will most likely consistently fail on non-Windows

[tpng]

Oh test ignore the _windows_ in the filename?

[AudriusButkevicius]

I actually didn't notice that and I don't know, interesting question.

[tpng]

I got the same question when writing the test too, so I took a look at how they write the platform specific test in Go src, and go test seems to follow the same rule as normal code on filename. (e.g. skipping _unix_ test files on Windows)

edit: I see they had a build flag at top too, I will add it for safe then.

[AudriusButkevicius]

In which was I withdraw my comment.

[canton7]

(BTW, the go fmt check is failing - run go fmt on your code).

[tpng]

The fmt fail is on cmd/syncthing/traceback.go, do you want me to go fmt it and add to the changeset or left it as is?

[canton7]

Ah? Ignore me in that case.

[calmh]

@st-jenkins retest this please

[calmh]

@tpng Thanks, gofmt fixed (my bad), test confirmed to run on Windows and fails without the patch!

Now just to get Jenkins to play ball...

[calmh]

@st-jenkins retest this please

[calmh]

@st-review merge it

lib/osutil: Prevent infinite Glob recursion (fixes #3577)

Skip-check: authors

[st-review]

👌 Merged as 05c37e5. Thanks, @tpng!

[calmh]

(there is nothing wrong with the authorship, it's just Jenkins has some issues atm)

[canton7]

👍 thanks @tpng!