handle_restart: Reject log_id if it contains ".."

The log_id is used to create a path name.  We need to make sure the
ID doesn't start with "../", end with "/..", or contain "/../" to
prevent potential path traversal.

Thanks to Joshua Rogers for finding this.

Author: millert

logsrvd/dotdot.c

@@ -0,0 +1,56 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2025 Todd C. Miller <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include <compat/stdbool.h>
+#endif /* HAVE_STDBOOL_H */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sudo_compat.h>
+#include <sudo_debug.h>
+#include <logsrv_util.h>
+
+bool
+contains_dot_dot(const char *str)
+{
+    const char *cp;
+    debug_decl(contains_dot_dot, SUDO_DEBUG_UTIL);
+
+    for (cp = str; *cp != '\0'; cp++) {
+	/* Match ".." */
+	if (cp[0] != '.' || cp[1] != '.')
+	    continue;
+
+	/* Match "^.." or "/.." then "../" or "..$" */
+	if ((cp == str || cp[-1] == '/') && (cp[2] == '/' || cp[2] == '\0'))
+	    debug_return_bool(true);
+    }
+
+    debug_return_bool(false);
+}