From patchwork Fri Aug 26 15:07:18 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kurz X-Patchwork-Id: 663140 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sLPZb2Fwpz9sdg for ; Sat, 27 Aug 2016 01:08:55 +1000 (AEST) Received: from localhost ([::1]:60928 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bdIkX-0003eC-31 for incoming@patchwork.ozlabs.org; Fri, 26 Aug 2016 11:08:53 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44538) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bdIjG-0001wB-Fb for qemu-devel@nongnu.org; Fri, 26 Aug 2016 11:07:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bdIjA-0002ek-Fy for qemu-devel@nongnu.org; Fri, 26 Aug 2016 11:07:33 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:42646) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bdIjA-0002ef-7f for qemu-devel@nongnu.org; Fri, 26 Aug 2016 11:07:28 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u7QF5QLO075227 for ; Fri, 26 Aug 2016 11:07:27 -0400 Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by mx0a-001b2d01.pphosted.com with ESMTP id 252b0dk6ff-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Fri, 26 Aug 2016 11:07:27 -0400 Received: from localhost by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 26 Aug 2016 09:07:25 -0600 Received: from d03dlp01.boulder.ibm.com (9.17.202.177) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 26 Aug 2016 09:07:21 -0600 X-IBM-Helo: d03dlp01.boulder.ibm.com X-IBM-MailFrom: groug@kaod.org Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by d03dlp01.boulder.ibm.com (Postfix) with ESMTP id 301EF1FF002E; Fri, 26 Aug 2016 09:07:03 -0600 (MDT) Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u7QF7Ldn14877052; Fri, 26 Aug 2016 08:07:21 -0700 Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F2A08BE038; Fri, 26 Aug 2016 09:07:20 -0600 (MDT) Received: from bahia.lan (unknown [9.167.235.232]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP id 5693EBE039; Fri, 26 Aug 2016 09:07:19 -0600 (MDT) From: Greg Kurz To: qemu-devel@nongnu.org Date: Fri, 26 Aug 2016 17:07:18 +0200 In-Reply-To: <147222401281.18925.1894824578752486297.stgit@bahia.lan> References: <147222401281.18925.1894824578752486297.stgit@bahia.lan> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16082615-0016-0000-0000-000004840EC7 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00005643; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000183; SDB=6.00750026; UDB=6.00354182; IPR=6.00522663; BA=6.00004676; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00012476; XFM=3.00000011; UTC=2016-08-26 15:07:23 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16082615-0017-0000-0000-0000325CC097 Message-Id: <147222403811.18925.983476973845584327.stgit@bahia.lan> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-26_11:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608260194 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH v2 3/5] 9p: forbid . and .. in file names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Felix Wilhelm , "Michael S. Tsirkin" , Greg Kurz , P J P , "Aneesh Kumar K.V" Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" According to the 9P spec http://man.cat-v.org/plan_9/5/open about the create request: The names . and .. are special; it is illegal to create files with these names. This patch causes the create and lcreate requests to fail with EINVAL if the file name is either "." or "..". Even if it isn't explicitly written in the spec, this patch extends the checking to all requests that may cause a filename to be created: - mknod - rename - renameat - mkdir - link - symlink The unlinkat request also gets patched for consistency (even if rmdir("foo/..") is expected to fail according to POSIX.1-2001). The various error values come from the linux manual pages. Suggested-by: Peter Maydell Signed-off-by: Greg Kurz --- hw/9pfs/9p.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index dba11773699b..f4184cae805f 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1497,6 +1497,11 @@ static void v9fs_lcreate(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, dfid); if (fidp == NULL) { err = -ENOENT; @@ -2096,6 +2101,11 @@ static void v9fs_create(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -EINVAL; @@ -2266,6 +2276,11 @@ static void v9fs_symlink(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2345,6 +2360,11 @@ static void v9fs_link(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -ENOENT; @@ -2433,6 +2453,16 @@ static void v9fs_unlinkat(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data)) { + err = -EINVAL; + goto out_nofid; + } + + if (!strcmp("..", name.data)) { + err = -ENOTEMPTY; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2545,6 +2575,11 @@ static void v9fs_rename(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EBUSY; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -2662,6 +2697,12 @@ static void v9fs_renameat(void *opaque) goto out_err; } + if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) || + !strcmp(".", new_name.data) || !strcmp("..", new_name.data)) { + err = -EBUSY; + goto out_err; + } + v9fs_path_write_lock(s); err = v9fs_complete_renameat(pdu, olddirfid, &old_name, newdirfid, &new_name); @@ -2877,6 +2918,11 @@ static void v9fs_mknod(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -3033,6 +3079,11 @@ static void v9fs_mkdir(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT;