diff options
| author | Brian Geffon <bgeffon@google.com> | 2018-12-04 14:31:08 -0800 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-12-04 14:32:03 -0800 |
| commit | 82719be42e636f86780d21b01e10ecb2c9a25e53 (patch) | |
| tree | 1c635cae30683e3cdc13a497cf529063ed7f56dc /pkg/sentry/syscalls | |
| parent | adafc08d7cee594ea94abefbedf67ea315922550 (diff) | |
Max link traversals should be for an entire path.
The number of symbolic links that are allowed to be followed
are for a full path and not just a chain of symbolic links.
PiperOrigin-RevId: 224047321
Change-Id: I5e3c4caf66a93c17eeddcc7f046d1e8bb9434a40
Diffstat (limited to 'pkg/sentry/syscalls')
| -rw-r--r-- | pkg/sentry/syscalls/linux/sys_file.go | 11 | ||||
| -rw-r--r-- | pkg/sentry/syscalls/linux/sys_thread.go | 3 |
2 files changed, 9 insertions, 5 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index 89d21dd98..37c90f6fd 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -92,10 +92,11 @@ func fileOpOn(t *kernel.Task, dirFD kdefs.FD, path string, resolve bool, fn func root := t.FSContext().RootDirectory() // Lookup the node. + remainingTraversals := uint(linux.MaxSymlinkTraversals) if resolve { - d, err = t.MountNamespace().FindInode(t, root, rel, path, linux.MaxSymlinkTraversals) + d, err = t.MountNamespace().FindInode(t, root, rel, path, &remainingTraversals) } else { - d, err = t.MountNamespace().FindLink(t, root, rel, path, linux.MaxSymlinkTraversals) + d, err = t.MountNamespace().FindLink(t, root, rel, path, &remainingTraversals) } root.DecRef() if wd != nil { @@ -312,7 +313,8 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod fileFlags.LargeFile = true // Does this file exist already? - targetDirent, err := t.MountNamespace().FindInode(t, root, d, name, linux.MaxSymlinkTraversals) + remainingTraversals := uint(linux.MaxSymlinkTraversals) + targetDirent, err := t.MountNamespace().FindInode(t, root, d, name, &remainingTraversals) var newFile *fs.File switch err { case nil: @@ -997,7 +999,8 @@ func mkdirAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, mode linux.FileM } // Does this directory exist already? - f, err := t.MountNamespace().FindInode(t, root, d, name, linux.MaxSymlinkTraversals) + remainingTraversals := uint(linux.MaxSymlinkTraversals) + f, err := t.MountNamespace().FindInode(t, root, d, name, &remainingTraversals) switch err { case nil: // The directory existed. diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go index 9eed613a1..c12693ee2 100644 --- a/pkg/sentry/syscalls/linux/sys_thread.go +++ b/pkg/sentry/syscalls/linux/sys_thread.go @@ -103,7 +103,8 @@ func Execve(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal defer wd.DecRef() // Load the new TaskContext. - tc, err := t.Kernel().LoadTaskImage(t, t.MountNamespace(), root, wd, linux.MaxSymlinkTraversals, filename, argv, envv, t.Arch().FeatureSet()) + maxTraversals := uint(linux.MaxSymlinkTraversals) + tc, err := t.Kernel().LoadTaskImage(t, t.MountNamespace(), root, wd, &maxTraversals, filename, argv, envv, t.Arch().FeatureSet()) if err != nil { return 0, nil, err } |