d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mqueuefs: Do not allow manipulation of the pseudo-dirents "." and ".."

Browse Source 
"." and ".." names are not maintained in the mqueuefs dirent datastructure and
cannot be opened as mqueues.  Creating or removing them is invalid; return
EINVAL instead of crashing.

PR:		236836
Submitted by:	Torbjørn Birch Moltu <t.b.moltu AT lyse.net>
Discussed with:	jilles (earlier version)
This commit is contained in:
Conrad Meyer 2019-05-21 21:26:14 +00:00
parent 35131b4616
commit 45d314c556
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/kern/uipc_mqueue.c
View File

@ -2042,6 +2042,12 @@ kern_kmq_open(struct thread *td, const char *upath, int flags, mode_t mode,
len = strlen(path);
if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
return (EINVAL);
/*
* "." and ".." are magic directories, populated on the fly, and cannot
* be opened as queues.
*/
if (strcmp(path, "/.") == 0 || strcmp(path, "/..") == 0)
return (EINVAL);
AUDIT_ARG_UPATH1_CANON(path);
error = falloc(td, &fp, &fd, O_CLOEXEC);
@ -2142,6 +2148,8 @@ sys_kmq_unlink(struct thread *td, struct kmq_unlink_args *uap)
len = strlen(path);
if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
return (EINVAL);
if (strcmp(path, "/.") == 0 || strcmp(path, "/..") == 0)
return (EINVAL);
AUDIT_ARG_UPATH1_CANON(path);
sx_xlock(&mqfs_data.mi_lock);