From patchwork Tue Aug 30 15:02:01 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kurz X-Patchwork-Id: 664170 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sNsKW2zcgz9sBf for ; Wed, 31 Aug 2016 01:06:07 +1000 (AEST) Received: from localhost ([::1]:49577 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bekc1-0007zH-BB for incoming@patchwork.ozlabs.org; Tue, 30 Aug 2016 11:06:05 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53707) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bekYH-0004PL-Bz for qemu-devel@nongnu.org; Tue, 30 Aug 2016 11:02:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bekYC-0000e9-An for qemu-devel@nongnu.org; Tue, 30 Aug 2016 11:02:12 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:36263 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bekYC-0000e1-58 for qemu-devel@nongnu.org; Tue, 30 Aug 2016 11:02:08 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u7UExQIL118535 for ; Tue, 30 Aug 2016 11:02:07 -0400 Received: from e18.ny.us.ibm.com (e18.ny.us.ibm.com [129.33.205.208]) by mx0b-001b2d01.pphosted.com with ESMTP id 255364sban-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 30 Aug 2016 11:02:07 -0400 Received: from localhost by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 30 Aug 2016 11:02:06 -0400 Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e18.ny.us.ibm.com (146.89.104.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 30 Aug 2016 11:02:04 -0400 X-IBM-Helo: d01dlp02.pok.ibm.com X-IBM-MailFrom: groug@kaod.org Received: from b01cxnp23032.gho.pok.ibm.com (b01cxnp23032.gho.pok.ibm.com [9.57.198.27]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 371F66E8045; Tue, 30 Aug 2016 11:01:42 -0400 (EDT) Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u7UF28j312058926; Tue, 30 Aug 2016 15:02:08 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5AD37AC058; Tue, 30 Aug 2016 11:02:03 -0400 (EDT) Received: from bahia.lab.toulouse-stg.fr.ibm.com (unknown [9.101.4.41]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP id 562D6AC06E; Tue, 30 Aug 2016 11:02:01 -0400 (EDT) From: Greg Kurz To: qemu-devel@nongnu.org Date: Tue, 30 Aug 2016 17:02:01 +0200 In-Reply-To: <147256922286.23141.1863740247797922944.stgit@bahia.lab.toulouse-stg.fr.ibm.com> References: <147256922286.23141.1863740247797922944.stgit@bahia.lab.toulouse-stg.fr.ibm.com> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16083015-0044-0000-0000-0000010DCAF4 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00005676; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000184; SDB=6.00751655; UDB=6.00355285; IPR=6.00524459; BA=6.00004680; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00012518; XFM=3.00000011; UTC=2016-08-30 15:02:06 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16083015-0045-0000-0000-00000524D0E7 Message-Id: <147256927252.23141.5129711760312177569.stgit@bahia.lab.toulouse-stg.fr.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-30_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608300145 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 148.163.158.5 Subject: [Qemu-devel] [PATCH v3 2/3] 9pfs: forbid . and .. in file names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Felix Wilhelm , "Michael S. Tsirkin" , Greg Kurz , P J P , "Aneesh Kumar K.V" Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" According to the 9P spec http://man.cat-v.org/plan_9/5/open about the create request: The names . and .. are special; it is illegal to create files with these names. This patch causes the create and lcreate requests to fail with EINVAL if the file name is either "." or "..". Even if it isn't explicitly written in the spec, this patch extends the checking to all requests that may cause a directory entry to be created: - mknod - rename - renameat - mkdir - link - symlink The unlinkat request also gets patched for consistency (even if rmdir("foo/..") is expected to fail according to POSIX.1-2001). The various error values come from the linux manual pages. Suggested-by: Peter Maydell Signed-off-by: Greg Kurz --- v3: - rename and renameat now return EISDIR instead of EBUSY --- hw/9pfs/9p.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index fe2d27f12ae1..d2614b4a74e9 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1497,6 +1497,11 @@ static void v9fs_lcreate(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, dfid); if (fidp == NULL) { err = -ENOENT; @@ -2096,6 +2101,11 @@ static void v9fs_create(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -EINVAL; @@ -2271,6 +2281,11 @@ static void v9fs_symlink(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2350,6 +2365,11 @@ static void v9fs_link(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -ENOENT; @@ -2438,6 +2458,16 @@ static void v9fs_unlinkat(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data)) { + err = -EINVAL; + goto out_nofid; + } + + if (!strcmp("..", name.data)) { + err = -ENOTEMPTY; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2550,6 +2580,11 @@ static void v9fs_rename(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EISDIR; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -2667,6 +2702,12 @@ static void v9fs_renameat(void *opaque) goto out_err; } + if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) || + !strcmp(".", new_name.data) || !strcmp("..", new_name.data)) { + err = -EISDIR; + goto out_err; + } + v9fs_path_write_lock(s); err = v9fs_complete_renameat(pdu, olddirfid, &old_name, newdirfid, &new_name); @@ -2882,6 +2923,11 @@ static void v9fs_mknod(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -3038,6 +3084,11 @@ static void v9fs_mkdir(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT;