From 5473d11caa51d8d0e3e851a2992ec0f2b4afb24f Mon Sep 17 00:00:00 2001
From: Joe Tsai <joetsai@digital-static.net>
Date: Thu, 21 Sep 2023 10:01:27 -0700
Subject: [PATCH] ipn/ipnlocal: perform additional sanity check in diskPath
 (#9500)

Use filepath.IsLocal to further validate the baseName.

Updates tailscale/corp#14772

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
---
 ipn/ipnlocal/peerapi.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipn/ipnlocal/peerapi.go b/ipn/ipnlocal/peerapi.go
index bf9708751..a02ee2e40 100644
--- a/ipn/ipnlocal/peerapi.go
+++ b/ipn/ipnlocal/peerapi.go
@@ -136,6 +136,9 @@ func (s *peerAPIServer) diskPath(baseName string) (fullPath string, ok bool) {
 			return "", false
 		}
 	}
+	if !filepath.IsLocal(baseName) {
+		return "", false
+	}
 	return filepath.Join(s.rootDir, baseName), true
 }