From 53f89464a337181df977158050d01473cb582515 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Fri, 10 Jul 2020 00:13:13 +0200
Subject: [PATCH] vfs: fix invalid dereference for zero-length base_path

When base_path has len == 0, the code used to compare base_path[-1]
with '/'. Fix by correcting the length check.
Also mention the case of zero-length base_path in the API reference.

Closes https://github.com/espressif/esp-idf/issues/5514
---
 components/vfs/include/esp_vfs.h | 6 +++++-
 components/vfs/vfs.c             | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/components/vfs/include/esp_vfs.h b/components/vfs/include/esp_vfs.h
index 2fbdbba067..98180e57f1 100644
--- a/components/vfs/include/esp_vfs.h
+++ b/components/vfs/include/esp_vfs.h
@@ -259,12 +259,16 @@ typedef struct
  * Register a virtual filesystem for given path prefix.
  *
  * @param base_path  file path prefix associated with the filesystem.
- *                   Must be a zero-terminated C string, up to ESP_VFS_PATH_MAX
+ *                   Must be a zero-terminated C string, may be empty.
+ *                   If not empty, must be up to ESP_VFS_PATH_MAX
  *                   characters long, and at least 2 characters long.
  *                   Name must start with a "/" and must not end with "/".
  *                   For example, "/data" or "/dev/spi" are valid.
  *                   These VFSes would then be called to handle file paths such as
  *                   "/data/myfile.txt" or "/dev/spi/0".
+ *                   In the special case of an empty base_path, a "fallback"
+ *                   VFS is registered. Such VFS will handle paths which are not
+ *                   matched by any other registered VFS.
  * @param vfs  Pointer to esp_vfs_t, a structure which maps syscalls to
  *             the filesystem driver functions. VFS component doesn't
  *             assume ownership of this pointer.
diff --git a/components/vfs/vfs.c b/components/vfs/vfs.c
index 005d050d48..fc8c70b939 100644
--- a/components/vfs/vfs.c
+++ b/components/vfs/vfs.c
@@ -75,10 +75,12 @@ static _lock_t s_fd_table_lock;
 static esp_err_t esp_vfs_register_common(const char* base_path, size_t len, const esp_vfs_t* vfs, void* ctx, int *vfs_index)
 {
     if (len != LEN_PATH_PREFIX_IGNORED) {
-        if ((len != 0 && len < 2) || (len > ESP_VFS_PATH_MAX)) {
+        /* empty prefix is allowed, "/" is not allowed */
+        if ((len == 1) || (len > ESP_VFS_PATH_MAX)) {
             return ESP_ERR_INVALID_ARG;
         }
-        if ((len > 0 && base_path[0] != '/') || base_path[len - 1] == '/') {
+        /* prefix has to start with "/" and not end with "/" */
+        if (len >= 2 && ((base_path[0] != '/') || (base_path[len - 1] == '/'))) {
             return ESP_ERR_INVALID_ARG;
         }
     }