Bug report

Bug description:

Note that_readlink_deep() does nothing to ensure that the result is a final, normalized pathname. It just tries to keep reading symlinks until the target isn't a symlink or access/reading fails in a manner that's allowed. If it succeeds, the resulting pathname may include any number of symlinks, mount points, and short names._getfinalpathname_nonstrict() should instead pass both the pathname and theseen set into_readlink_deep(). If it succeeds, then add the resulting pathname to the set, and continue the loop to try to get a final, normalized pathname.

Originally posted by@eryksun in#110298 (comment)

I was able to reproduce this issue. Run the following code block with Administrator privileges in Windows:

mkdir C:\testdirmkdir C:\testdir\realecho 1> C:\testdir\real\file.txticacls C:\testdir\real\file.txt /deny*S-1-5-32-545:(S)mklink /d C:\testdir\symlink1 C:\testdir\realmklink /d C:\testdir\symlink2 C:\testdir\symlink1mklink C:\testdir\symlink2\filelink.txt C:\testdir\symlink1\file.txtpython -c"import ntpath; print(ntpath.realpath('C:\\testdir\\symlink2\\filelink.txt'))"REM Cleanupicacls C:\testdir\real\file.txt /grant*S-1-5-32-545:(S)rmdir C:\testdir /s /q

Expected output:

C:\testdir\real\file.txt

Actual output:

C:\testdir\symlink1\file.txt

This happens because_getfinalpathname_nonstrict() returns the result of_readlink_deep() if the return value is different from the input.

However, because_readlink_deep() does not ensure that it's result is a final, normalized pathname,ntpath.realpath() result is not ensured to be a final, normalized pathname.

I'll try to come up with a patch.@eryksun, if you have any further discussions or comments on how this should be fixed, please let me know in the comments.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Windows

Linked PRs

• gh-110495: ensurentpath.realpath() result is a final, normalized pathname. #110751