author | 2019-07-15 14:56:45 +0000 | |
---|---|---|
committer | 2019-07-15 14:56:45 +0000 | |
commit | ed4045046de2731d7b4ca2d71cdd23a7cce7ee16 (patch) | |
tree | 77fb9b03834b3844feb59f7e71ef481438329fd9 | |
parent | support PKCS8 as an optional format for storage of private keys, (diff) | |
Make realpath posixly correct by changing the kernel implementation
to not succeed on final path components that do not exist.
The original implementation succeeded in these cases.
ok bluhm@
-rw-r--r-- | sys/kern/vfs_lookup.c | 10 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
2 files changed, 7 insertions, 9 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index f8bdbefaa11..df93402034c 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_lookup.c,v 1.78 2019/07/08 09:21:10 bluhm Exp $ */ +/* $OpenBSD: vfs_lookup.c,v 1.79 2019/07/15 14:56:45 beck Exp $ */ /* $NetBSD: vfs_lookup.c,v 1.17 1996/02/09 19:00:59 christos Exp $ */ /* @@ -577,12 +577,10 @@ dirloop: printf("not found\n"); #endif /* - * Allow for unveiling or realpath'ing a file in a - * directory where we don't have access to create it - * ourselves + * Allow for unveiling a file in a directory where we + * don't have access to create it ourselves */ - if ((ndp->ni_pledge == PLEDGE_UNVEIL || - (cnp->cn_flags & REALPATH)) && error == EACCES) + if (ndp->ni_pledge == PLEDGE_UNVEIL && error == EACCES) error = EJUSTRETURN; if (error != EJUSTRETURN) diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index b2aa8939001..6d105ae9b16 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.321 2019/07/12 13:56:27 solene Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.322 2019/07/15 14:56:45 beck Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -928,7 +928,7 @@ sys___realpath(struct proc *p, void *v, register_t *retval) NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | SAVENAME | REALPATH, UIO_SYSSPACE, pathname, p); else - NDINIT(&nd, CREATE, FOLLOW | LOCKLEAF | LOCKPARENT | SAVENAME | + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | LOCKPARENT | SAVENAME | REALPATH, UIO_SYSSPACE, pathname, p); nd.ni_cnd.cn_rpbuf = rpbuf; @@ -2083,7 +2083,7 @@ doreadlinkat(struct proc *p, int fd, const char *path, char *buf, NDINITAT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF, UIO_USERSPACE, fd, path, p); nd.ni_pledge = PLEDGE_RPATH; - nd.ni_unveil = UNVEIL_INSPECT; + nd.ni_unveil = UNVEIL_READ; if ((error = namei(&nd)) != 0) return (error); vp = nd.ni_vp; |
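Review bot: In the `dirloop` hunk of vfs_lookup.c, the remaining exemption tests `ndp->ni_pledge == PLEDGE_UNVEIL` with equality, so it applies only when that is the sole value in `ni_pledge`, and the comment does not say this is intended. If the field is a flag mask, as the `PLEDGE_` naming and the `nd.ni_pledge = PLEDGE_RPATH` assignment elsewhere in this diff suggest, the test fails closed when other bits are set, which is the safe direction for a permission bypass. If that is the intent, I would add a line to the comment such as `* Exact match on purpose: only the unveil lookup may turn EACCES into EJUSTRETURN.` The enclosing function starts and ends outside the hunk.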
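Review bot: The `else` branch in `sys___realpath` now passes `LOOKUP` but still requests `LOCKPARENT`, and nothing at the call site records the new contract that a missing final component makes the call fail. The two `NDINIT` calls now differ only in `LOCKPARENT`; the condition selecting between them and the code that releases the parent vnode are outside the hunk, so it is worth confirming that the parent is still unlocked and released on every path. A short comment would help callers and auditors, e.g. `/* LOOKUP, not CREATE: realpath must fail if the last component does not exist */`. Code that canonicalises a path before creating the file will need to resolve the parent directory instead, and a regress test for the nonexistent-leaf case would pin the behaviour.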
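Review bot: The switch from `UNVEIL_INSPECT` to `UNVEIL_READ` in `doreadlinkat` is not mentioned in the commit message, which only talks about realpath, and the line carries no comment explaining it. It looks like a deliberate tightening, so that reading a link target needs read permission on the unveiled path, in line with the `PLEDGE_RPATH` set on the line above; that is inferred from the names, not stated anywhere on the page. I would add `/* link contents are data: require unveil read, not inspect-only */` above the assignment and mention the change in the log, since programs that call readlink on paths covered only by an inspect-level unveil will presumably start failing. The function body continues outside the hunk.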