From 45fa8714a1d35e6555083d88a71851ada2aacac4 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 24 Dec 2012 18:46:29 -0500 Subject: [PATCH] libsandbox: handle open(O_NOFOLLOW) We don't check for O_NOFOLLOW in the open wrappers, so we end up returning the wrong error when operating on broken symlinks. URL: https://bugs.gentoo.org/413441 Reported-by: Marien Zwart Signed-off-by: Mike Frysinger --- libsandbox/wrapper-funcs/__64_post.h | 1 + libsandbox/wrapper-funcs/__64_pre.h | 1 + libsandbox/wrapper-funcs/openat_pre_check.c | 2 +- tests/open-2.sh | 10 ++++++++++ tests/open.at | 1 + 5 files changed, 14 insertions(+), 1 deletion(-) create mode 100755 tests/open-2.sh diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h index 2fd2182..82d2a16 100644 --- a/libsandbox/wrapper-funcs/__64_post.h +++ b/libsandbox/wrapper-funcs/__64_post.h @@ -1,3 +1,4 @@ #undef SB64 #undef stat +#undef lstat #undef off_t diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h index 2132110..0b34b25 100644 --- a/libsandbox/wrapper-funcs/__64_pre.h +++ b/libsandbox/wrapper-funcs/__64_pre.h @@ -1,3 +1,4 @@ #define SB64 #define stat stat64 +#define lstat lstat64 #define off_t off64_t diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c index c827ee6..0127708 100644 --- a/libsandbox/wrapper-funcs/openat_pre_check.c +++ b/libsandbox/wrapper-funcs/openat_pre_check.c @@ -29,7 +29,7 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int /* Doesn't exist -> skip permission checks */ struct stat st; - if (-1 == stat(pathname, &st)) { + if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) { sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; -- 1.8.1.2