public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] proj/sandbox:stable-2.x commit in: tests/, libsandbox/
@ 2024-06-27 15:25 Mike Gilbert
From: Mike Gilbert @ 2024-06-27 15:25 UTC
  To: gentoo-commits

commit:     4b40e4489a7793d888ae55ecbb3ca560889a5a14
Author:     Aliaksei Urbanski <aliaksei.urbanski <AT> gmail <DOT> com>
AuthorDate: Thu Jun 27 03:51:47 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Jun 27 15:24:50 2024 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4b40e448

libsandbox: fix violations where ENOENT is expected

These changes revert f7d02c04 that aimed to resolve 921581 and
fix it in a way that doesn't cause unwanted sandbox violations.

Bug: https://bugs.gentoo.org/921581
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski <AT> gmail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit de4f57761821e3d97e841a99af38768ee9605633)

 libsandbox/pre_check_mkdirat.c | 8 +++++---
 tests/mkdirat-3.sh             | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c
index 49c382a..c717576 100644
--- a/libsandbox/pre_check_mkdirat.c
+++ b/libsandbox/pre_check_mkdirat.c
@@ -37,15 +37,17 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
 	 * will trigger a sandbox violation.
 	 */
 	struct stat64 st;
-	if (0 == lstat64(pathname, &st)) {
+	if (0 == lstat64(canonic, &st)) {
 		int new_errno;
 		sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n",
 			func, pathname, canonic, strerror(errno));
 
 		new_errno = EEXIST;
 
-		/* Hmm, is this a broken symlink we're trying to extend ? */
-		if (S_ISLNK(st.st_mode) && stat64(pathname, &st) != 0) {
+		/* Hmm, is this a broken symlink we're trying to extend ?
+		 * Or is this a path like "foo/.." ?
+		 */
+		if (stat64(pathname, &st) != 0) {
 			/* XXX: This awful hack should probably be turned into a
 			 * common func that does a better job.  For now, we have
 			 * enough crap to catch gnulib tests #297026.

diff --git a/tests/mkdirat-3.sh b/tests/mkdirat-3.sh
index fe20579..8292af9 100755
--- a/tests/mkdirat-3.sh
+++ b/tests/mkdirat-3.sh
@@ -4,4 +4,6 @@
 set -e
 mkdirat-0 -1,ENOENT .:O_DIRECTORY '' 0
 
+mkdirat-0 -1,ENOENT .:O_DIRECTORY 'foo/..' 0
+
 mkdirat-0 -1,ENOENT -3 '' 0
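Review bot: the added case `mkdirat-0 -1,ENOENT .:O_DIRECTORY 'foo/..' 0` only passes if `foo` does not exist in the directory the test runs in, and nothing in the visible lines guarantees that. A short comment stating the assumption (or an explicit cleanup before the call) would keep the test from failing for unrelated reasons. The new path is also exercised with the `.:O_DIRECTORY` dirfd only; the `-3` case below has no 'foo/..' counterpart, and there is no complementary case where `foo` exists, which would confirm that the relaxed check in pre_check_mkdirat.c still reports EEXIST when it should.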

