From patchwork Tue Aug 30 17:13:11 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kurz X-Patchwork-Id: 664211 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sNwB6422Wz9sBf for ; Wed, 31 Aug 2016 03:14:54 +1000 (AEST) Received: from localhost ([::1]:50304 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bemcd-0003b6-JF for incoming@patchwork.ozlabs.org; Tue, 30 Aug 2016 13:14:51 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42007) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bembD-0002NQ-5O for qemu-devel@nongnu.org; Tue, 30 Aug 2016 13:13:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bemb8-0006NL-T3 for qemu-devel@nongnu.org; Tue, 30 Aug 2016 13:13:22 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:37797 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bemb8-0006NH-O5 for qemu-devel@nongnu.org; Tue, 30 Aug 2016 13:13:18 -0400 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u7UH4hSE128821 for ; Tue, 30 Aug 2016 13:13:18 -0400 Received: from e17.ny.us.ibm.com (e17.ny.us.ibm.com [129.33.205.207]) by mx0a-001b2d01.pphosted.com with ESMTP id 25536b09x5-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 30 Aug 2016 13:13:18 -0400 Received: from localhost by e17.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 30 Aug 2016 13:13:17 -0400 Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e17.ny.us.ibm.com (146.89.104.204) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 30 Aug 2016 13:13:13 -0400 X-IBM-Helo: d01dlp02.pok.ibm.com X-IBM-MailFrom: groug@kaod.org Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 5D58B6E8040; Tue, 30 Aug 2016 13:12:51 -0400 (EDT) Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u7UHDCNI14942586; Tue, 30 Aug 2016 17:13:12 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9342EAE034; Tue, 30 Aug 2016 13:13:12 -0400 (EDT) Received: from bahia.lab.toulouse-stg.fr.ibm.com (unknown [9.101.4.41]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP id A8116AE052; Tue, 30 Aug 2016 13:13:11 -0400 (EDT) From: Greg Kurz To: qemu-devel@nongnu.org Date: Tue, 30 Aug 2016 19:13:11 +0200 In-Reply-To: <147257704749.28515.17213711886150247423.stgit@bahia.lab.toulouse-stg.fr.ibm.com> References: <147257704749.28515.17213711886150247423.stgit@bahia.lab.toulouse-stg.fr.ibm.com> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16083017-0040-0000-0000-00000131BF60 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00005677; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000184; SDB=6.00751698; UDB=6.00355311; IPR=6.00524502; BA=6.00004680; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00012519; XFM=3.00000011; UTC=2016-08-30 17:13:16 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16083017-0041-0000-0000-0000050CCFCB Message-Id: <147257707176.28515.1734765316772223928.stgit@bahia.lab.toulouse-stg.fr.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-30_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608300164 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 148.163.158.5 Subject: [Qemu-devel] [PATCH v4 2/3] 9pfs: forbid . and .. in file names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Felix Wilhelm , "Michael S. Tsirkin" , Greg Kurz , P J P , "Aneesh Kumar K.V" Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" According to the 9P spec http://man.cat-v.org/plan_9/5/open about the create request: The names . and .. are special; it is illegal to create files with these names. This patch causes the create and lcreate requests to fail with EINVAL if the file name is either "." or "..". Even if it isn't explicitly written in the spec, this patch extends the checking to all requests that may cause a directory entry to be created: - mknod - rename - renameat - mkdir - link - symlink The unlinkat request also gets patched for consistency (even if rmdir("foo/..") is expected to fail according to POSIX.1-2001). The various error values come from the linux manual pages. Suggested-by: Peter Maydell Signed-off-by: Greg Kurz v3: - rename and renameat now return EISDIR instead of EBUSY Reviewed-by: Eric Blake --- hw/9pfs/9p.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 385269ea0ac3..51c6f9883bf8 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1497,6 +1497,11 @@ static void v9fs_lcreate(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, dfid); if (fidp == NULL) { err = -ENOENT; @@ -2096,6 +2101,11 @@ static void v9fs_create(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -EINVAL; @@ -2266,6 +2276,11 @@ static void v9fs_symlink(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2345,6 +2360,11 @@ static void v9fs_link(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -ENOENT; @@ -2433,6 +2453,16 @@ static void v9fs_unlinkat(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data)) { + err = -EINVAL; + goto out_nofid; + } + + if (!strcmp("..", name.data)) { + err = -ENOTEMPTY; + goto out_nofid; + } + dfidp = get_fid(pdu, dfid); if (dfidp == NULL) { err = -EINVAL; @@ -2545,6 +2575,11 @@ static void v9fs_rename(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EISDIR; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -2662,6 +2697,12 @@ static void v9fs_renameat(void *opaque) goto out_err; } + if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) || + !strcmp(".", new_name.data) || !strcmp("..", new_name.data)) { + err = -EISDIR; + goto out_err; + } + v9fs_path_write_lock(s); err = v9fs_complete_renameat(pdu, olddirfid, &old_name, newdirfid, &new_name); @@ -2877,6 +2918,11 @@ static void v9fs_mknod(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT; @@ -3033,6 +3079,11 @@ static void v9fs_mkdir(void *opaque) goto out_nofid; } + if (!strcmp(".", name.data) || !strcmp("..", name.data)) { + err = -EEXIST; + goto out_nofid; + } + fidp = get_fid(pdu, fid); if (fidp == NULL) { err = -ENOENT;