author Mike Gilbert <floppym@gentoo.org> 2024-01-08 14:59:35 -0500
committer Mike Gilbert <floppym@gentoo.org> 2024-01-08 15:04:09 -0500
commit ef9208bea4e0f0dff5abf358002565f36e4d7a8d
tree 1659b3aac87b4f0d87f4cd80c4e4befd3c061889
parent src: fix -Wold-style-declaration
libsandbox: stat the original path for EEXIST hackaround

Resolves an issue that can occur with paths that contain parent directory references (/../). If part of the path does not exist, the sandboxed program should get ENOENT, not EEXIST. If we use the canonicalized path, intermediate paths will be eliminated and we produce the wrong result.

Bug: https://bugs.gentoo.org/921581
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r-- libsandbox/pre_check_mkdirat.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c
index b1e86cf..49c382a 100644
--- a/libsandbox/pre_check_mkdirat.c
+++ b/libsandbox/pre_check_mkdirat.c
@@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
* will trigger a sandbox violation.
*/
struct stat64 st;
- if (0 == lstat64(canonic, &st)) {
+ if (0 == lstat64(pathname, &st)) {
int new_errno;
sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n",
func, pathname, canonic, strerror(errno));
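Review bot: On the changed line, lstat64(pathname, &st) resolves a relative pathname against the current working directory, but this pre-check is for mkdirat and receives dirfd; when dirfd is not AT_FDCWD the stat can inspect a different location than the one mkdirat would act on, so the early EEXIST can be returned or skipped incorrectly. Unless code above this hunk already handles that case, consider fstatat64(dirfd, pathname, &st, AT_SYMLINK_NOFOLLOW) here so the check follows the same resolution as the wrapped call. Separately, the sb_debug_dyn call in the context lines prints strerror(errno) after lstat64 has returned 0, so the errno it logs is stale and says nothing about this lookup.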