From f40c6771559b98ff243f8c223a995b2b6226a730 Mon Sep 17 00:00:00 2001
From: Ivan Santiago Paunovic <ivanpauno@ekumenlabs.com>
Date: Thu, 9 Apr 2020 17:23:20 -0300
Subject: [PATCH] Fix security directory lookup for '/' security contexts

Signed-off-by: Ivan Santiago Paunovic <ivanpauno@ekumenlabs.com>
---
 rcl/src/rcl/security.c         |  6 +++---
 rcl/test/rcl/test_security.cpp | 12 ++++++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c
index c35586d8d..820d07ac4 100644
--- a/rcl/src/rcl/security.c
+++ b/rcl/src/rcl/security.c
@@ -111,16 +111,16 @@ char * exact_match_lookup(
 {
   // Perform an exact match for the context name in directory <root dir>.
   char * secure_root = NULL;
+  char * contexts_dir = NULL;
+  contexts_dir = rcutils_join_path(ros_secure_root_env, "contexts", *allocator);
   // "/" case when root namespace is explicitly passed in
   if (0 == strcmp(name, "/")) {
-    secure_root = rcutils_strdup(ros_secure_root_env, *allocator);
+    secure_root = contexts_dir;
   } else {
     char * relative_path = NULL;
-    char * contexts_dir = NULL;
     // Get native path, ignore the leading forward slash
     // TODO(ros2team): remove the hard-coded length, use the length of the root namespace instead
     relative_path = rcutils_to_native_path(name + 1, *allocator);
-    contexts_dir = rcutils_join_path(ros_secure_root_env, "contexts", *allocator);
     secure_root = rcutils_join_path(contexts_dir, relative_path, *allocator);
     allocator->deallocate(relative_path, allocator->state);
     allocator->deallocate(contexts_dir, allocator->state);
diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp
index f1dca19a1..a7b3527fb 100644
--- a/rcl/test/rcl/test_security.cpp
+++ b/rcl/test/rcl/test_security.cpp
@@ -134,6 +134,18 @@ TEST_F(TestGetSecureRoot, failureScenarios) {
   rcl_reset_error();
 }
 
+TEST_F(TestGetSecureRoot, successScenarios_local_root_security_context) {
+  putenv_wrapper(
+    ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
+    TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
+
+  secure_root = rcl_get_secure_root("/", &allocator);
+  ASSERT_NE(nullptr, secure_root);
+  ASSERT_STREQ(
+    TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR "contexts",
+    secure_root);
+}
+
 TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) {
   putenv_wrapper(
     ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="