map path resolution errors to Permission errors

this way the affected paths will be ignored in WebDAV

Fixes #432

sftpd/sftpd_test.go

@@ -1365,9 +1365,7 @@ func TestEscapeHomeDir(t *testing.T) {
 		_, err := client.ReadDir(testDir)
 		assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded")
 		err = client.Chmod(path.Join(testDir, "sub", "dir"), os.ModePerm)
-		if assert.Error(t, err) {
-			assert.Contains(t, err.Error(), "SSH_FX_FAILURE")
-		}
+		assert.ErrorIs(t, err, os.ErrPermission)
 		assert.Error(t, err, "setstat on a file outside home dir must fail")
 		testFilePath := filepath.Join(homeBasePath, testFileName)
 		testFileSize := int64(65535)

vfs/osfs.go

@@ -22,6 +22,14 @@ const (
 	osFsName = "osfs"
 )
 
+type pathResolutionError struct {
+	err string
+}
+
+func (e *pathResolutionError) Error() string {
+	return fmt.Sprintf("Path resolution error: %s", e.err)
+}
+
 // OsFs is a Fs implementation that uses functions provided by the os package.
 type OsFs struct {
 	name         string
@@ -180,6 +188,10 @@ func (*OsFs) IsNotExist(err error) bool {
 // IsPermission returns a boolean indicating whether the error is known to
 // report that permission is denied.
 func (*OsFs) IsPermission(err error) bool {
+	if _, ok := err.(*pathResolutionError); ok {
+		return true
+	}
+
 	return os.IsPermission(err)
 }
 
@@ -367,7 +379,7 @@ func (fs *OsFs) isSubDir(sub string) error {
 	}
 	if len(sub) < len(parent) {
 		err = fmt.Errorf("path %#v is not inside %#v", sub, parent)
-		return err
+		return &pathResolutionError{err: err.Error()}
 	}
 	separator := string(os.PathSeparator)
 	if parent == filepath.Dir(parent) {
@@ -377,7 +389,7 @@ func (fs *OsFs) isSubDir(sub string) error {
 	}
 	if !strings.HasPrefix(sub, parent+separator) {
 		err = fmt.Errorf("path %#v is not inside %#v", sub, parent)
-		return err
+		return &pathResolutionError{err: err.Error()}
 	}
 	return nil
 }