Linkat(2) should sanity check flags.

PiperOrigin-RevId: 224047765 Change-Id: I6f3c75b33c32bf8f8910ea3fab35406d7d672d87
author: Brian Geffon <bgeffon@google.com> 2018-12-04 14:33:34 -0800
committer: Shentubot <shentubot@google.com> 2018-12-04 14:34:19 -0800
commit: 2cab0e82ad8c1e38392b8c35aaa65d1121a9e2b2 (patch)
tree: ee9988121f909ffefdbd19355ae28615740491d9
parent: 82719be42e636f86780d21b01e10ecb2c9a25e53 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 37c90f6fd..8673bca0d 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -1251,6 +1251,12 @@ func Linkat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
 	// AT_SYMLINK_FOLLOW can be specified in flags to cause oldpath to be
 	// dereferenced if it is a symbolic link.
 	flags := args[4].Int()
+
+	// Sanity check flags.
+	if flags&^(linux.AT_SYMLINK_FOLLOW|linux.AT_EMPTY_PATH) != 0 {
+		return 0, nil, syserror.EINVAL
+	}
+
 	resolve := flags&linux.AT_SYMLINK_FOLLOW == linux.AT_SYMLINK_FOLLOW
 	allowEmpty := flags&linux.AT_EMPTY_PATH == linux.AT_EMPTY_PATH
author	Brian Geffon <bgeffon@google.com>	2018-12-04 14:33:34 -0800
committer	Shentubot <shentubot@google.com>	2018-12-04 14:34:19 -0800
commit	2cab0e82ad8c1e38392b8c35aaa65d1121a9e2b2 (patch)
tree	ee9988121f909ffefdbd19355ae28615740491d9
parent	82719be42e636f86780d21b01e10ecb2c9a25e53 (diff)