On Sun, Feb 26, 2017 at 11:42:03PM +0100, Greg Kurz wrote:
> +int openat_nofollow(int dirfd, const char *path, int flags, mode_t mode)
> +{
> + int fd;
> +
> + fd = dup(dirfd);
> + if (fd == -1) {
> + return -1;
> + }
> +
> + while (*path) {
> + const char *c;
> + int next_fd;
> + char *head;
> +
> + head = g_strdup(path);
> + c = strchr(path, '/');
> + if (c) {
> + head[c - path] = 0;
> + next_fd = openat_dir(fd, head);
> + } else {
> + next_fd = openat_file(fd, head, flags, mode);
> + }
> + g_free(head);
> + if (next_fd == -1) {
> + close_preserve_errno(fd);
> + return -1;
> + }
> + close(fd);
> + fd = next_fd;
> +
> + if (!c) {
> + break;
> + }
> + path = c + 1;
> + }
> +
> + return fd;
> +}
If I understand the Linux openat(2) implementation correctly this
function fails with ENOENT if:
1. An absolute path is given
2. A path contains consecutive slashes ("a///b")
Both of these behaviors are problematic. If the function doesn't
support absolute paths it should be called relative_openat_nofollow()
and have an error if path[0] == '/'.
I believe guests can pass in paths with consecutive slashes, so the
function must cope with them.
signature.asc
Description: PGP signature
