Attachment #252345 for bug #342983

View | Details | Raw Unified | Return to bug 342983
Collapse All | Expand All





	save_errno();

	if (dirfd == AT_FDCWD)
	{
		/* dirfd points to CWD, so we reasolv from there */
		if (-1 == canonicalize(pathname, canonic))
			/* see comments in check_syscall() */
			if (ENAMETOOLONG != errno) {
				if (is_env_on(ENV_SANDBOX_DEBUG))
					SB_EINFO("EARLY FAIL", "  %s(%s) @ canonicalize: %s\n",
						func, pathname, strerror(errno));
				return false;
			}
	}
	else 
	{
		/* dirfd does not point to cwd, so we need to resolv it using /proc */
		/* more or less copy-paste from libsandbox.c::before_syscall() */

		size_t at_len = sizeof(canonic) - 1 - 1 - (pathname ? strlen(pathname) : 0);
		sprintf(canonic, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);
		ssize_t ret = readlink(canonic, canonic, at_len);
		if (ret == -1) {
			if (is_env_on(ENV_SANDBOX_DEBUG))
				SB_EINFO("EARLY FAIL", "  %s(%s) @ sb_mkdirat_pre_check,FD_LOOKUP: %s\n",
					func, canonic, strerror(errno));
			/* If the fd isn't found, some guys (glibc) expect errno */
			if (errno == ENOENT)
				errno = EBADF;
			return false;
		}
		canonic[ret] = '/';
		canonic[ret + 1] = '\0';
		strcat(canonic,pathname);
	}

	/* XXX: Hack to prevent errors if the directory exist, and are
	 * not writable - we rather return EEXIST than fail.  This can
- 

Return to bug 342983

Lines 11-25 bool sb_mkdirat_pre_check(const char func, const char pathname, int dirfd) Link Here

(-)a/libsandbox/wrapper-funcs/mkdirat_pre_check.c (-7 / +30 lines)
11		11
12	save_errno();	12	save_errno();
13		13
14	/* XXX: need to check pathname with dirfd */	14	if (dirfd == AT_FDCWD)
15	if (-1 == canonicalize(pathname, canonic))	15	{
16	/* see comments in check_syscall() */	16	/* dirfd points to CWD, so we reasolv from there */
17	if (ENAMETOOLONG != errno) {	17	if (-1 == canonicalize(pathname, canonic))
		18	/* see comments in check_syscall() */
		19	if (ENAMETOOLONG != errno) {
		20	if (is_env_on(ENV_SANDBOX_DEBUG))
		21	SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n",
		22	func, pathname, strerror(errno));
		23	return false;
		24	}
		25	}
		26	else
		27	{
		28	/* dirfd does not point to cwd, so we need to resolv it using /proc */
		29	/* more or less copy-paste from libsandbox.c::before_syscall() */
		30
		31	size_t at_len = sizeof(canonic) - 1 - 1 - (pathname ? strlen(pathname) : 0);
		32	sprintf(canonic, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);
		33	ssize_t ret = readlink(canonic, canonic, at_len);
		34	if (ret == -1) {
18	if (is_env_on(ENV_SANDBOX_DEBUG))	35	if (is_env_on(ENV_SANDBOX_DEBUG))
19	SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n",	36	SB_EINFO("EARLY FAIL", " %s(%s) @ sb_mkdirat_pre_check,FD_LOOKUP: %s\n",
20	func, pathname, strerror(errno));	37	func, canonic, strerror(errno));
		38	/* If the fd isn't found, some guys (glibc) expect errno */
		39	if (errno == ENOENT)
		40	errno = EBADF;
21	return false;	41	return false;
22	}	42	}
		43	canonic[ret] = '/';
		44	canonic[ret + 1] = '\0';
		45	strcat(canonic,pathname);
		46	}
23		47
24	/* XXX: Hack to prevent errors if the directory exist, and are	48	/* XXX: Hack to prevent errors if the directory exist, and are
25	* not writable - we rather return EEXIST than fail. This can	49	* not writable - we rather return EEXIST than fail. This can
26	-