From 06537129a67cbdced394f514a7d2399c19082f47 Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse <nlacasse@google.com>
Date: Mon, 1 Jul 2019 15:24:18 -0700
Subject: Check remaining traversal limit when creating a file through a
 symlink.

This fixes the case when an app tries to create a file that already exists, and
is a symlink to itself. A test was added.

PiperOrigin-RevId: 256044811
---
 pkg/sentry/syscalls/linux/sys_file.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pkg/sentry/syscalls')

diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 3ef7441c2..3410af69c 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -354,6 +354,12 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod
 				break
 			}
 
+			// Are we able to resolve further?
+			if remainingTraversals == 0 {
+				found.DecRef()
+				return syscall.ELOOP
+			}
+
 			// Resolve the symlink to a path via Readlink.
 			path, err := found.Inode.Readlink(t)
 			if err != nil {
-- 
cgit v1.2.3