git: 16004e477d38 - stable/13 - lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
Date: Mon, 01 May 2023 06:46:09 UTC
The branch stable/13 has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=16004e477d387d6a075597ec76f0dc82d02b60db
commit 16004e477d387d6a075597ec76f0dc82d02b60db
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-04-23 23:21:42 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-05-01 06:45:28 +0000
lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
PR: 269780
(cherry picked from commit a718431c30a57226bc7c1a9181fc84bab00641a1)
---
sys/kern/vfs_lookup.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index b7ce93f3702d..7eca6eddd484 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1014,12 +1014,16 @@ dirloop:
pr = pr->pr_parent)
if (dp == pr->pr_root)
break;
- if (dp == ndp->ni_rootdir ||
- dp == ndp->ni_topdir ||
- dp == rootvnode ||
- pr != NULL ||
- ((dp->v_vflag & VV_ROOT) != 0 &&
- (cnp->cn_flags & NOCROSSMOUNT) != 0)) {
+ bool isroot = dp == ndp->ni_rootdir ||
+ dp == ndp->ni_topdir || dp == rootvnode ||
+ pr != NULL;
+ if (isroot && (ndp->ni_lcf &
+ NI_LCF_STRICTRELATIVE) != 0) {
+ error = ENOTCAPABLE;
+ goto capdotdot;
+ }
+ if (isroot || ((dp->v_vflag & VV_ROOT) != 0 &&
+ (cnp->cn_flags & NOCROSSMOUNT) != 0)) {
ndp->ni_dvp = dp;
ndp->ni_vp = dp;
VREF(dp);
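Review bot: The new `isroot && NI_LCF_STRICTRELATIVE` early exit has no comment explaining why it must sit before the root short-circuit, and the reason is not obvious from the code. The branch below resolves `..` to `dp` itself (`ndp->ni_vp = dp`), and judging by the next hunk `nameicap_check_dotdot()` is only called further down the loop, so a strict-relative lookup at a root appears never to have been checked. I would add above the check `/* ".." at a root resolves to the root itself and bypasses nameicap_check_dotdot(); fail strict-relative lookups here. */`. The second disjunct, `VV_ROOT` with `NOCROSSMOUNT`, still takes that short-circuit without the check; if such lookups can never carry `NI_LCF_STRICTRELATIVE` the comment should say so, otherwise it probably needs the same treatment. The enclosing loop starts and ends outside the hunk.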
@@ -1040,6 +1044,7 @@ dirloop:
LK_RETRY, ISDOTDOT));
error = nameicap_check_dotdot(ndp, dp);
if (error != 0) {
+capdotdot:
#ifdef KTRACE
if (KTRPOINT(curthread, KTR_CAPFAIL))
ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
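Review bot: `capdotdot:` sits inside the body of `if (error != 0)`, so the `goto capdotdot` added in the previous hunk jumps into a nested block and relies on `error` having been set before the jump; nothing at the label says so. A one-line comment at the label would protect it against later edits, for example `/* Also entered from the ".." at root check, with error = ENOTCAPABLE. */`. The rest of the block, including whatever cleanup follows the KTRACE section, is outside the hunk. It cannot be confirmed from here that both entry paths reach the label with `dp` in the same lock and reference state, so that is worth verifying.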