diff options
author | Ayush Ranjan <ayushranjan@google.com> | 2020-09-02 15:39:51 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-09-02 15:43:13 -0700 |
commit | 0ca0d8e0110d284120497569dca1b85d3ec227fe (patch) | |
tree | cef40a4ec08c0ae2d6a07591d5c7dc8d03f59cb5 /pkg/sentry | |
parent | 5c6601120067299d521a64d4268050bbf3fb6a61 (diff) |
[vfs] Fix error handling in overlayfs OpenAt.
Updates #1199
PiperOrigin-RevId: 329802274
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/fsimpl/overlay/filesystem.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go index e720bfb0b..63df86481 100644 --- a/pkg/sentry/fsimpl/overlay/filesystem.go +++ b/pkg/sentry/fsimpl/overlay/filesystem.go @@ -743,6 +743,9 @@ func (fs *filesystem) OpenAt(ctx context.Context, rp *vfs.ResolvingPath, opts vf start := rp.Start().Impl().(*dentry) if rp.Done() { + if mayCreate && rp.MustBeDir() { + return nil, syserror.EISDIR + } if mustCreate { return nil, syserror.EEXIST } @@ -766,6 +769,10 @@ afterTrailingSymlink: if err := parent.checkPermissions(rp.Credentials(), vfs.MayExec); err != nil { return nil, err } + // Reject attempts to open directories with O_CREAT. + if mayCreate && rp.MustBeDir() { + return nil, syserror.EISDIR + } // Determine whether or not we need to create a file. parent.dirMu.Lock() child, err := fs.stepLocked(ctx, rp, parent, false /* mayFollowSymlinks */, &ds) @@ -774,12 +781,11 @@ afterTrailingSymlink: parent.dirMu.Unlock() return fd, err } + parent.dirMu.Unlock() if err != nil { - parent.dirMu.Unlock() return nil, err } // Open existing child or follow symlink. - parent.dirMu.Unlock() if mustCreate { return nil, syserror.EEXIST } @@ -794,6 +800,9 @@ afterTrailingSymlink: start = parent goto afterTrailingSymlink } + if rp.MustBeDir() && !child.isDir() { + return nil, syserror.ENOTDIR + } if mayWrite { if err := child.copyUpLocked(ctx); err != nil { return nil, err |