Conversation

@Levitiku5
Sponsored by 21Software

Describe the contribution

Reject any paths which might be part of a path traversal attack by matching directory entries such as . and .. at the end of the given path. This hardens a vulnerability where an attacker might be able to write files in unauthorized locations outside of a virtual mount point directory. Fixes #1516.

Testing performed
Steps taken to test the contribution:

  1. Built and deployed cFS onto Raspberry Pi 5 using Yocto recipe including this patch. No errors encountered.
  2. Verified that cFS starts correctly without issues.
  3. Successfully sent an enable telemetry output command.
  4. Successfully ran the "Build and Test Standalone OSAL package" release workflow. Coverage is too poor for debug workflow to succeed.
    Please note that I am new to cFS and would welcome advice on how to properly test virtual mount point functionality. I'm unsure if I'll be able to contribute unit tests due to lack of time.

Expected behavior changes

  • API Change: N/A
  • Behavior Change: Very minimal. Virtual mount point paths containing path traversal characters are now considered invalid.

System(s) tested on

  • Hardware: Raspberry Pi 5
  • OS: TSEL
  • Versions: cFS Aquila (aka OSAL 5.0.0 Release)

Additional context
CVE-2025-25371
NASA cFS version Aquila Software Vulnerability Assessment

Third party code
N/A

Contributor Info - All information REQUIRED for consideration of pull request
Levi Shafter - 21Software
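The check described in the PR above, written out as an added example in C (this is illustrative code, not the cFS/OSAL implementation or the PR's own patch): a virtual path is walked component by component, and any component that is exactly `.` or `..` causes the path to be rejected. It goes slightly further than the description, which mentions matching such entries at the end of the path, by rejecting them at any position. The function names `vpath_has_traversal_component` and `vpath_validate`, the `-1`/`0` return convention, and the assumption that virtual paths are absolute (start with `/`) are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Added example (not cFS/OSAL code): return true if any '/'-separated
 * component of the path is exactly "." or "..". The match is on whole
 * components only, so names such as "..hidden" or "a.b" are ordinary
 * entries and are allowed; repeated separators ("a//b") are tolerated.
 */
bool vpath_has_traversal_component(const char *path)
{
    const char *seg = path;

    while (*seg != '\0')
    {
        /* skip one or more separators before the next component */
        while (*seg == '/')
        {
            seg++;
        }
        if (*seg == '\0')
        {
            break;
        }

        /* locate the end of the current component */
        const char *end = seg;
        while (*end != '\0' && *end != '/')
        {
            end++;
        }
        size_t len = (size_t)(end - seg);

        if ((len == 1 && seg[0] == '.') ||
            (len == 2 && seg[0] == '.' && seg[1] == '.'))
        {
            return true;
        }
        seg = end;
    }
    return false;
}

/*
 * Constructed wrapper: 0 means the virtual path may be translated to a
 * host path, -1 means it must be rejected. The absolute-path rule and
 * the numeric codes are assumptions for this example, not OSAL's API.
 */
int vpath_validate(const char *path)
{
    if (path == NULL || path[0] != '/')
    {
        return -1; /* virtual paths are expected to be absolute */
    }
    if (vpath_has_traversal_component(path))
    {
        return -1; /* would escape the virtual mount point */
    }
    return 0;
}
```

Rejecting traversal components before the virtual path is joined to the host mount directory is what keeps the resulting host path inside the mount point; a check that only normalises the joined result would have to reason about the host filesystem instead.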

Reject any paths which might be part of a path traversal attack by
matching directory entries such as `.` and `..` at the end of the given
path. This hardens a vulnerability where an attacker might be able to
write files in unauthorized locations outside of a virtual mount point
directory.
Levitiku5 marked this pull request as ready for review on November 20, 2025 19:31
Development

Successfully merging this pull request may close these issues.

Path traversal vulnerability due to unchecked virtual mount point path