From 4573e7d863d59d59c6a4f72f396f72b0f6458cb2 Mon Sep 17 00:00:00 2001
From: Dean Deng <deandeng@google.com>
Date: Mon, 22 Jun 2020 11:38:25 -0700
Subject: Check for invalid trailing / when traversing path in gofer OpenAt.

Updates #2923.

PiperOrigin-RevId: 317700049
---
 pkg/sentry/fsimpl/gofer/filesystem.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'pkg/sentry/fsimpl/gofer/filesystem.go')

diff --git a/pkg/sentry/fsimpl/gofer/filesystem.go b/pkg/sentry/fsimpl/gofer/filesystem.go
index 5501781ac..f065c4bad 100644
--- a/pkg/sentry/fsimpl/gofer/filesystem.go
+++ b/pkg/sentry/fsimpl/gofer/filesystem.go
@@ -767,15 +767,17 @@ afterTrailingSymlink:
 		parent.dirMu.Unlock()
 		return fd, err
 	}
+	parent.dirMu.Unlock()
 	if err != nil {
-		parent.dirMu.Unlock()
 		return nil, err
 	}
-	// Open existing child or follow symlink.
-	parent.dirMu.Unlock()
 	if mustCreate {
 		return nil, syserror.EEXIST
 	}
+	if !child.isDir() && rp.MustBeDir() {
+		return nil, syserror.ENOTDIR
+	}
+	// Open existing child or follow symlink.
 	if child.isSymlink() && rp.ShouldFollowSymlink() {
 		target, err := child.readlink(ctx, rp.Mount())
 		if err != nil {
-- 
cgit v1.2.3