aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'libsandbox/wrapper-funcs/mkdirat_pre_check.c')
-rw-r--r--libsandbox/wrapper-funcs/mkdirat_pre_check.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
index c999e46..d037546 100644
--- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c
+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
@@ -8,10 +8,23 @@
bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
{
char canonic[SB_PATH_MAX];
+ char dirfd_path[SB_PATH_MAX];
save_errno();
- /* XXX: need to check pathname with dirfd */
+ /* Expand the dirfd path first */
+ switch (resolve_dirfd_path(dirfd, pathname, dirfd_path)) {
+ case -1:
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s) @ resolve_dirfd_path: %s\n",
+ func, pathname, strerror(errno));
+ return false;
+ case 0:
+ pathname = dirfd_path;
+ break;
+ }
+
+ /* Then break down any relative/symlink paths */
if (-1 == canonicalize(pathname, canonic))
/* see comments in check_syscall() */
if (ENAMETOOLONG != errno) {