diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2012-12-24 19:41:49 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2012-12-24 19:50:59 -0500 |
| commit | dd726dcc6a95355d0e0cc949018d9c8aefc89a02 (patch) | |
| tree | 29a1e76cb27599cc6d7504d41a4c100226375217 /libsandbox/wrapper-funcs/mkdirat_pre_check.c | |
| parent | libsandbox: handle open(O_NOFOLLOW) (diff) | |
| download | sandbox-dd726dcc6a95355d0e0cc949018d9c8aefc89a02.tar.gz sandbox-dd726dcc6a95355d0e0cc949018d9c8aefc89a02.tar.bz2 sandbox-dd726dcc6a95355d0e0cc949018d9c8aefc89a02.zip | |
libsandbox: reject "" paths with *at funcs before checking the dirfd
When it comes to processing errors, an empty path is checked before
an invalid dirfd. Make sure sandbox matches that behavior for the
random testsuites out there that look for this.
URL: https://bugs.gentoo.org/346929
Reported-by: Marien Zwart <marienz@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox/wrapper-funcs/mkdirat_pre_check.c')
| -rw-r--r-- | libsandbox/wrapper-funcs/mkdirat_pre_check.c | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c index 77a65df..0b48d1f 100644 --- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c +++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c @@ -1,27 +1,20 @@ /* * mkdir*() pre-check. * - * Copyright 1999-2009 Gentoo Foundation + * Copyright 1999-2012 Gentoo Foundation * Licensed under the GPL-2 */ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) { char canonic[SB_PATH_MAX]; - char dirfd_path[SB_PATH_MAX]; save_errno(); - /* Expand the dirfd path first */ - switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) { - case -1: - sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n", - func, pathname, strerror(errno)); - return false; - case 0: - pathname = dirfd_path; - break; - } + /* Check incoming args against common *at issues */ + char dirfd_path[SB_PATH_MAX]; + if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) + return false; /* Then break down any relative/symlink paths */ if (-1 == canonicalize(pathname, canonic)) |