Fix sftp_resolve_path() to return '/' instead of empty string

Also fail early if parsing underruns root.

src/sbbs3/sbbs.h

@@ -305,7 +305,18 @@ extern int	thread_suid_broken;			/* NPTL is no longer broken */
 #include "mqtt.h"
 #if defined(__cplusplus)
 extern "C" {
+/*
+ * MSVC (correctly) warns that flexible arrays are not part of C++
+ * Since these are used in this header, disable the warning
+ */
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable : 4200)
+#endif
 #include "sftp.h"
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
 }
 #endif
 

src/sbbs3/sftp.cpp

@@ -645,12 +645,14 @@ sftp_resolve_path(char *target, const char *path, size_t size)
 {
 	char	*out;
 	char	*p;
+	bool    target_alloced=false;
 
-	if(target==NULL)  {
+	if(target==NULL) {
 		size = MAX_PATH + 1;
 		if((target=(char*)malloc(size))==NULL) {
 			return(NULL);
 		}
+		target_alloced=true;
 	}
 	strncpy(target, path, size);
 	target[size-1] = 0;
@@ -665,8 +667,11 @@ sftp_resolve_path(char *target, const char *path, size_t size)
 			else if(*(out+1)=='.' && *(out+2)=='.' && (*(out+3)=='/' || *(out+3)==0))  {
 				*out=0;
 				p=strrchr(target,'/');
-				if(p==NULL)
-					p=target;
+				if(p==NULL) {
+					if (target_alloced)
+						free(target);
+					return nullptr;
+				}
 				memmove(p,out+3,strlen(out+3)+1);
 				out=p;
 			}
@@ -674,8 +679,10 @@ sftp_resolve_path(char *target, const char *path, size_t size)
 				out++;
 			}
 		}
-		if (!*out)
-			break;
+	}
+	if (size > 1 && *target == 0) {
+		target[0] = '/';
+		target[1] = 0;
 	}
 	return(target);
 }
@@ -700,6 +707,8 @@ sftp_parse_crealpath(sbbs_t *sbbs, const char *filename)
 	else {
 		ret = sftp_resolve_path(nullptr, filename, 0);
 	}
+	if (ret == nullptr)
+		return ret;
 	if (ret[0] == 0) {
 		free(ret);
 		return nullptr;