[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 09/25] 9pfs: forbid . and .. in file names
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH 09/25] 9pfs: forbid . and .. in file names |
|
Date: |
Tue, 20 Sep 2016 12:05:25 -0500 |
From: Greg Kurz <address@hidden>
According to the 9P spec http://man.cat-v.org/plan_9/5/open about the
create request:
The names . and .. are special; it is illegal to create files with these
names.
This patch causes the create and lcreate requests to fail with EINVAL if
the file name is either "." or "..".
Even if it isn't explicitly written in the spec, this patch extends the
checking to all requests that may cause a directory entry to be created:
- mknod
- rename
- renameat
- mkdir
- link
- symlink
The unlinkat request also gets patched for consistency (even if
rmdir("foo/..") is expected to fail according to POSIX.1-2001).
The various error values come from the linux manual pages.
Suggested-by: Peter Maydell <address@hidden>
Signed-off-by: Greg Kurz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 805b5d98c649d26fc44d2d7755a97f18e62b438a)
Signed-off-by: Michael Roth <address@hidden>
---
hw/9pfs/9p.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 53c466b..1e96427 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1495,6 +1495,11 @@ static void v9fs_lcreate(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
fidp = get_fid(pdu, dfid);
if (fidp == NULL) {
err = -ENOENT;
@@ -2085,6 +2090,11 @@ static void v9fs_create(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
fidp = get_fid(pdu, fid);
if (fidp == NULL) {
err = -EINVAL;
@@ -2255,6 +2265,11 @@ static void v9fs_symlink(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
dfidp = get_fid(pdu, dfid);
if (dfidp == NULL) {
err = -EINVAL;
@@ -2334,6 +2349,11 @@ static void v9fs_link(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
dfidp = get_fid(pdu, dfid);
if (dfidp == NULL) {
err = -ENOENT;
@@ -2422,6 +2442,16 @@ static void v9fs_unlinkat(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data)) {
+ err = -EINVAL;
+ goto out_nofid;
+ }
+
+ if (!strcmp("..", name.data)) {
+ err = -ENOTEMPTY;
+ goto out_nofid;
+ }
+
dfidp = get_fid(pdu, dfid);
if (dfidp == NULL) {
err = -EINVAL;
@@ -2534,6 +2564,11 @@ static void v9fs_rename(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EISDIR;
+ goto out_nofid;
+ }
+
fidp = get_fid(pdu, fid);
if (fidp == NULL) {
err = -ENOENT;
@@ -2651,6 +2686,12 @@ static void v9fs_renameat(void *opaque)
goto out_err;
}
+ if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) ||
+ !strcmp(".", new_name.data) || !strcmp("..", new_name.data)) {
+ err = -EISDIR;
+ goto out_err;
+ }
+
v9fs_path_write_lock(s);
err = v9fs_complete_renameat(pdu, olddirfid,
&old_name, newdirfid, &new_name);
@@ -2866,6 +2907,11 @@ static void v9fs_mknod(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
fidp = get_fid(pdu, fid);
if (fidp == NULL) {
err = -ENOENT;
@@ -3022,6 +3068,11 @@ static void v9fs_mkdir(void *opaque)
goto out_nofid;
}
+ if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+ err = -EEXIST;
+ goto out_nofid;
+ }
+
fidp = get_fid(pdu, fid);
if (fidp == NULL) {
err = -ENOENT;
--
1.9.1
- [Qemu-stable] [PATCH 00/25] Patch Round-up for stable 2.6.2, freeze on 2016-08-26, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 10/25] 9pfs: handle walk of ".." in the root directory, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 11/25] virtio: zero vq->inuse in virtio_reset(), Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 12/25] virtio-balloon: discard virtqueue element on reset, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 14/25] 9pfs: fix potential segfault during walk, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 09/25] 9pfs: forbid . and .. in file names,
Michael Roth <=
- [Qemu-stable] [PATCH 13/25] vnc: fix qemu crash because of SIGSEGV, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 22/25] crypto: ensure XTS is only used with ciphers with 16 byte blocks, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 15/25] scsi: mptsas: use g_new0 to allocate MPTSASRequest object, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 21/25] scsi: mptconfig: fix misuse of MPTSAS_CONFIG_PACK, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 18/25] scsi-disk: change disk serial length from 20 to 36, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 01/25] net: check fragment length during fragmentation, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 20/25] scsi: mptconfig: fix an assert expression, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 19/25] vmw_pvscsi: check page count while initialising descriptor rings, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 24/25] scsi-disk: Cleaning up around tray open state, Michael Roth, 2016/09/20
- [Qemu-stable] [PATCH 02/25] ui: fix refresh of VNC server surface, Michael Roth, 2016/09/20