authorCoprDistGit <infra@openeuler.org>2024-01-20 09:57:05 +0000
committerCoprDistGit <infra@openeuler.org>2024-01-20 09:57:05 +0000
commitc56563a5cfb85fcba9f28dd1df9647037eb2931e (patch)
tree82e936c48ac53d5a05ac395f897e421a743f8023 /0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
parent8c7a257a80c20ee3fae444f9e3d670a86dca161f (diff)
automatic import of iSuladopeneuler23.09openeuler22.03_LTS_SP2
Diffstat (limited to '0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch')
-rw-r--r--0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch58
1 files changed, 58 insertions, 0 deletions
diff --git a/0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch b/0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
new file mode 100644
index 0000000..9876957
--- /dev/null
+++ b/0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
@@ -0,0 +1,58 @@
+From 05117ed2887ee1535978170cd06596ee015951f4 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Tue, 12 Dec 2023 20:26:30 +0800
+Subject: [PATCH 53/64] prevent the parent dir from being bind mounted to the
+ subdir
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index e8fad391..29c2bc03 100644
+--- a/src/utils/tar/util_archive.c
++++ b/src/utils/tar/util_archive.c
+@@ -182,6 +182,26 @@ unlock_out:
+ return ret;
+ }
+
++static int is_parent_directory(const char *parent_path, const char *child_path)
++{
++ size_t parent_len = strlen(parent_path);
++ size_t child_len = strlen(child_path);
++
++ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
++ return -1;
++ }
++
++ if (strncmp(parent_path, child_path, parent_len) != 0) {
++ return -1;
++ }
++
++ if (child_path[parent_len] != '/') {
++ return -1;
++ }
++
++ return 0;
++}
++
+ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
+ {
+ struct stat buf;
+@@ -235,6 +255,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
++ // prevent the parent directory from being bind mounted to the subdirectory
++ if (is_parent_directory(dstdir, tmp_dir) == 0) {
++ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
++ return -1;
++ }
++
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
+ if (util_path_remove(tmp_dir) != 0) {
+--
+2.42.0
+
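Review bot: is_parent_directory is a purely lexical prefix test, so a dstdir written with a trailing slash, or dstdir equal to `/`, matches the strncmp but fails the `child_path[parent_len] != '/'` check and is reported as not a parent, which skips the new guard in make_safedir_is_noexec. Unless both paths are already canonical here, which the hunk does not show, clean them before comparing and accept a prefix that itself ends in a separator, e.g. `if (parent_path[parent_len - 1] != '/' && child_path[parent_len] != '/') {`; paths containing `..` or symlinks are also outside what a string comparison can catch. The helper returns 0 for "is a parent" and -1 otherwise, which reads inverted for an `is_` predicate; a `bool` return would make the call site clearer. The added early `return -1;` in the second hunk leaves tmp_dir in place, whereas the bind_mount_with_flock failure path right below it calls `util_path_remove(tmp_dir)`; if tmp_dir was already created above the hunk, the same cleanup looks needed. make_safedir_is_noexec starts and ends outside the hunk, so the last point should be confirmed against the full function.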