Do not allow to use O_BENEATH as an oracle.

Specifically, if lookup() returned any error and the topping directory was not latched, which means that (non-existent) path did not returned to the topping location, give ENOTCAPABLE a priority over the lookup() error. PR: 249960 Reviewed by: emaste, ngie Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D26695
2020-10-08 22:31:11 +00:00 · 2020-10-08 22:31:11 +00:00 · 4ea4966009
commit 4ea4966009
parent 9470013f5a
1 changed files with 10 additions and 1 deletions
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@ -595,8 +595,17 @@ namei(struct nameidata *ndp)
 	for (;;) {
 		ndp->ni_startdir = dp;
 		error = lookup(ndp);
-		if (error != 0)
+		if (error != 0) {
+			/*
+			 * Override an error to not allow user to use
+			 * BENEATH as an oracle.
+			 */
+			if ((ndp->ni_lcf & (NI_LCF_LATCH |
+			    NI_LCF_BENEATH_LATCHED)) == NI_LCF_LATCH)
+				error = ENOTCAPABLE;
 			goto out;
+		}
+
 		/*
 		 * If not a symbolic link, we're done.
 		 */