summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2019-07-01 15:24:18 -0700
committergVisor bot <gvisor-bot@google.com>2019-07-01 15:25:22 -0700
commit06537129a67cbdced394f514a7d2399c19082f47 (patch)
tree2c925f789c745f661c4000c4084309144ea576ad /pkg/sentry/syscalls/linux
parent3446f4e29bd547e5576caf16d8c2bb45560439e9 (diff)
Check remaining traversal limit when creating a file through a symlink.
This fixes the case when an app tries to create a file that already exists, and is a symlink to itself. A test was added. PiperOrigin-RevId: 256044811
Diffstat (limited to 'pkg/sentry/syscalls/linux')
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 3ef7441c2..3410af69c 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -354,6 +354,12 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod
break
}
+ // Are we able to resolve further?
+ if remainingTraversals == 0 {
+ found.DecRef()
+ return syscall.ELOOP
+ }
+
// Resolve the symlink to a path via Readlink.
path, err := found.Inode.Readlink(t)
if err != nil {