3 files changed, 36 insertions, 13 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index f31d6a2bc..5ce380503 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -515,6 +515,7 @@ void copy_file_from_user_to_root(const char *srcname, const char *destname, uid_
 void touch_file_as_user(const char *fname, uid_t uid, gid_t gid, mode_t mode);
 int is_dir(const char *fname);
 int is_link(const char *fname);
+void trim_trailing_slash_or_dot(char *path);
 char *line_remove_spaces(const char *buf);
 char *split_comma(char *str);
 void check_unsigned(const char *str, const char *msg);
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index c3d34e259..602985b4e 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -395,19 +395,8 @@ void fs_whitelist(void) {
                new_name = expand_home(dataptr, cfg.homedir);
                assert(new_name);
-                // trim trailing slashes or dots
+                // remove trailing slashes and single dots
-                char *end = strchr(new_name, '\0');
+                trim_trailing_slash_or_dot(new_name);
-                assert(end);
-                if ((end - new_name) > 1) {
-                        end--;
-                        while (*end == '/' ||
-                              (*end == '.' && *(end - 1) == '/')) {
-                                *end = '\0';
-                                end--;
-                                if (end == new_name)
-                                        break;
-                        }
-                }
                if (arg_debug || arg_debug_whitelists)
                        fprintf(stderr, "Debug %d: new_name #%s#, %s\n", __LINE__, new_name, (nowhitelist_flag)? "nowhitelist": "whitelist");
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 329ae141b..6db92b554 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -425,15 +425,48 @@ int is_link(const char *fname) {
        if (*fname == '\0')
                return 0;
+        char *dup = NULL;
        struct stat s;
        if (lstat(fname, &s) == 0) {
                if (S_ISLNK(s.st_mode))
                        return 1;
+                if (S_ISDIR(s.st_mode)) {
+                        // remove trailing slashes and single dots and try again
+                        dup = strdup(fname);
+                        if (!dup)
+                                errExit("strdup");
+                        trim_trailing_slash_or_dot(dup);
+                        if (lstat(dup, &s) == 0) {
+                                if (S_ISLNK(s.st_mode)) {
+                                        free(dup);
+                                        return 1;
+                                }
+                        }
+                }
        }
+        free(dup);
        return 0;
 }
+// remove all slashes and single dots from the end of a path
+// for example /foo/bar///././. -> /foo/bar
+void trim_trailing_slash_or_dot(char *path) {
+        assert(path);
+        char *end = strchr(path, '\0');
+        assert(end);
+        if ((end - path) > 1) {
+                end--;
+                while (*end == '/' ||
+                      (*end == '.' && *(end - 1) == '/')) {
+                        *end = '\0';
+                        end--;
+                        if (end == path)
+                                break;
+                }
+        }
+}
 // remove multiple spaces and return allocated memory
 char *line_remove_spaces(const char *buf) {