path: root/backport-CVE-2024-12086-part4.patch
From c78e53edb802d04f7e4e070fe8314f2544749e7a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Tue, 26 Nov 2024 09:16:31 +1100
Subject: [PATCH 4/4] disallow ../ elements in relpath for secure_relative_open

---
 syscall.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/syscall.c b/syscall.c
index a4b7f542..47c5ea57 100644
--- a/syscall.c
+++ b/syscall.c
@@ -721,6 +721,8 @@ int do_open_nofollow(const char *pathname, int flags)
   must be a relative path, and the relpath must not contain any
   elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
   applies to all path components, not just the last component)
+
+  The relpath must also not contain any ../ elements in the path
 */
 int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
 {
@@ -729,6 +731,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
 		errno = EINVAL;
 		return -1;
 	}
+	if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
+		// no ../ elements allowed in the relpath
+		errno = EINVAL;
+		return -1;
+	}
 
 #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
 	// really old system, all we can do is live with the risks
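Review bot: The added test in secure_relative_open rejects a leading `../` and an embedded `/../`, but a relpath that is exactly `..` or that ends in `/..` passes both comparisons, so the rule stated in the updated header comment is not fully enforced by this check alone. The rest of the function lies outside the hunk, so a later per-component walk may already refuse such a path; if it does not, the final component can still resolve to a directory above the intended one. Extending the guard would close the gap: `size_t len = strlen(relpath);` followed by `if (strcmp(relpath, "..") == 0 || (len >= 3 && strcmp(relpath + len - 3, "/..") == 0)) { errno = EINVAL; return -1; }`. The check sits before the `#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)` fallback, so the legacy path gets the same validation; a short comment saying that this ordering is deliberate would help.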
-- 
2.34.1