src/temp_permissions_table.c

@@ -12,7 +12,9 @@
 #include "proc_operations.h"
 #include "process_info.h"
 #include <pthread.h>
+#include <stddef.h>
 #include <stdio.h>
+#include <string.h>
 #include <sys/types.h>
 
 struct temp_process_permissions {
@@ -127,14 +129,23 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
     if (process_creation_time == permission_entry->creation_time) {
       // the process is the same as the one that was granted temporary access
       // to the file
+      size_t filename_len = strlen(filename);
       for_each(&permission_entry->denied_files, denied_file) {
-        if (strncmp(*denied_file, filename, strlen(filename)) == 0) {
+        size_t denied_file_len = strlen(*denied_file);
+        if (strncmp(*denied_file, filename, denied_file_len) == 0 &&
+            ((denied_file_len < filename_len &&
+              (*denied_file)[denied_file_len - 1] == '/') ||
+             (denied_file_len == filename_len))) {
           pthread_mutex_unlock(&temp_permissions_table_lock);
           return DENY;
         }
       }
       for_each(&permission_entry->allowed_files, allowed_file) {
-        if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
+        size_t allowed_file_len = strlen(*allowed_file);
+        if (strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
+            ((allowed_file_len < filename_len &&
+              (*allowed_file)[allowed_file_len - 1] == '/') ||
+             (allowed_file_len == filename_len))) {
           pthread_mutex_unlock(&temp_permissions_table_lock);
           return ALLOW;
         }