summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2019-07-08 14:56:09 -0700
committergVisor bot <gvisor-bot@google.com>2019-07-08 14:57:15 -0700
commit6db3f8d54c0225e6b6c3d8eef30b4b61498848b7 (patch)
treeee85d7855e9cd6dde7ee8de443a04e5c0f317ae8 /pkg/sentry
parente45d724948cf03a7aca871971e75f2cfe1a3bc1f (diff)
Don't mask errors in createAt loop.
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go9
1 files changed, 6 insertions, 3 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index eb6f5648f..40722abc2 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -353,7 +353,8 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l
// No more resolution necessary.
defer resolved.DecRef()
break
- } else if err != fs.ErrResolveViaReadlink {
+ }
+ if err != fs.ErrResolveViaReadlink {
return err
}
@@ -363,15 +364,17 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l
}
// Resolve the symlink to a path via Readlink.
- path, err := found.Inode.Readlink(t)
+ var path string
+ path, err = found.Inode.Readlink(t)
if err != nil {
break
}
remainingTraversals--
// Get the new parent from the target path.
+ var newParent *fs.Dirent
newParentPath, newName := fs.SplitLast(path)
- newParent, err := t.MountNamespace().FindInode(t, root, parent, newParentPath, &remainingTraversals)
+ newParent, err = t.MountNamespace().FindInode(t, root, parent, newParentPath, &remainingTraversals)
if err != nil {
break
}