Diffstat (limited to '0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch')
-rw-r--r--0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch b/0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch
new file mode 100644
index 0000000..90caa48
--- /dev/null
+++ b/0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch
@@ -0,0 +1,43 @@
+From 3d38013418d0c5304dfbafcb0b2a5b4062964c53 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Wed, 13 Dec 2023 15:13:12 +0800
+Subject: [PATCH 55/64] verify the mount dir first and then create tmpdir
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ src/utils/tar/util_archive.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index 29c2bc03..655b3516 100644
+--- a/src/utils/tar/util_archive.c
++++ b/src/utils/tar/util_archive.c
+@@ -235,6 +235,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
++ // prevent the parent directory from being bind mounted to the subdirectory
++ if (is_parent_directory(dstdir, tmp_dir) == 0) {
++ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
++ return -1;
++ }
++
+ if (stat(dstdir, &buf) < 0) {
+ SYSERROR("Check chroot dir failed");
+ return -1;
+@@ -255,12 +261,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
+- // prevent the parent directory from being bind mounted to the subdirectory
+- if (is_parent_directory(dstdir, tmp_dir) == 0) {
+- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+- return -1;
+- }
+-
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
+ if (util_path_remove(tmp_dir) != 0) {
+--
+2.42.0
+
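Review bot: The relocated guard `if (is_parent_directory(dstdir, tmp_dir) == 0)` in make_safedir_is_noexec rejects only a return of exactly 0, so if the helper reports its own failure with any other value (its body is not shown here) the function fails open and continues to bind_mount_with_flock. This matters more after the move, because the check now runs before `stat(dstdir, &buf)` and, going by the commit title, before tmp_dir exists on disk, so a helper that resolves paths rather than comparing strings would be working on unvalidated or missing entries. It is worth confirming that the helper is purely lexical and saying so at the call site, for example `// lexical check only: runs before dstdir is stat'ed and before tmp_dir is created, so a rejection leaves nothing to clean up`. The function begins and ends outside both inner hunks, so the code between the old and new positions of the check is not visible here.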