Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 1 May 2023 06:46:09 GMT
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 16004e477d38 - stable/13 - lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
Message-ID:  <202305010646.3416k9Lu030214@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=16004e477d387d6a075597ec76f0dc82d02b60db

commit 16004e477d387d6a075597ec76f0dc82d02b60db
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-04-23 23:21:42 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-05-01 06:45:28 +0000

    lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
    
    PR:     269780
    
    (cherry picked from commit a718431c30a57226bc7c1a9181fc84bab00641a1)
---
 sys/kern/vfs_lookup.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index b7ce93f3702d..7eca6eddd484 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1014,12 +1014,16 @@ dirloop:
 			     pr = pr->pr_parent)
 				if (dp == pr->pr_root)
 					break;
-			if (dp == ndp->ni_rootdir || 
-			    dp == ndp->ni_topdir || 
-			    dp == rootvnode ||
-			    pr != NULL ||
-			    ((dp->v_vflag & VV_ROOT) != 0 &&
-			     (cnp->cn_flags & NOCROSSMOUNT) != 0)) {
+			bool isroot = dp == ndp->ni_rootdir ||
+			    dp == ndp->ni_topdir || dp == rootvnode ||
+			    pr != NULL;
+			if (isroot && (ndp->ni_lcf &
+			    NI_LCF_STRICTRELATIVE) != 0) {
+				error = ENOTCAPABLE;
+				goto capdotdot;
+			}
+			if (isroot || ((dp->v_vflag & VV_ROOT) != 0 &&
+			    (cnp->cn_flags & NOCROSSMOUNT) != 0)) {
 				ndp->ni_dvp = dp;
 				ndp->ni_vp = dp;
 				VREF(dp);
@@ -1040,6 +1044,7 @@ dirloop:
 			    LK_RETRY, ISDOTDOT));
 			error = nameicap_check_dotdot(ndp, dp);
 			if (error != 0) {
+capdotdot:
 #ifdef KTRACE
 				if (KTRPOINT(curthread, KTR_CAPFAIL))
 					ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305010646.3416k9Lu030214>