author | Bob Beck <beck@cvs.openbsd.org> | 2019-07-15 14:56:46 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2019-07-15 14:56:46 +0000 |
commit | d84caab08d863c01dbc99f4e319f0629d9133b67 (patch) | |
tree | c8ff15ded59f038635729f0507298ebdaa3e2e72 /sys | |
parent | 422c48b838619d2796dee8973524e6fd2a3d8e45 (diff) |
Make realpath posixly correct by changing the kernel implementation
to not succeed on final path components that do not exist.
The original implementation succeeded in these cases.
ok bluhm@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/vfs_lookup.c | 10 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
2 files changed, 7 insertions, 9 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index f8bdbefaa11..df93402034c 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_lookup.c,v 1.78 2019/07/08 09:21:10 bluhm Exp $ */
+/* $OpenBSD: vfs_lookup.c,v 1.79 2019/07/15 14:56:45 beck Exp $ */
 /* $NetBSD: vfs_lookup.c,v 1.17 1996/02/09 19:00:59 christos Exp $ */
 /*
@@ -577,12 +577,10 @@ dirloop:
 printf("not found\n");
 #endif
 /*
- * Allow for unveiling or realpath'ing a file in a
- * directory where we don't have access to create it
- * ourselves
+ * Allow for unveiling a file in a directory where we
+ * don't have access to create it ourselves
 */
- if ((ndp->ni_pledge == PLEDGE_UNVEIL ||
- (cnp->cn_flags & REALPATH)) && error == EACCES)
+ if (ndp->ni_pledge == PLEDGE_UNVEIL && error == EACCES)
 error = EJUSTRETURN;
 if (error != EJUSTRETURN)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index b2aa8939001..6d105ae9b16 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.321 2019/07/12 13:56:27 solene Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.322 2019/07/15 14:56:45 beck Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 /*
@@ -928,7 +928,7 @@ sys___realpath(struct proc *p, void *v, register_t *retval)
 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | SAVENAME | REALPATH, UIO_SYSSPACE, pathname, p);
 else
- NDINIT(&nd, CREATE, FOLLOW | LOCKLEAF | LOCKPARENT | SAVENAME |
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | LOCKPARENT | SAVENAME |
 REALPATH, UIO_SYSSPACE, pathname, p);
 nd.ni_cnd.cn_rpbuf = rpbuf;
@@ -2083,7 +2083,7 @@ doreadlinkat(struct proc *p, int fd, const char *path, char *buf,
 NDINITAT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF, UIO_USERSPACE, fd, path, p);
 nd.ni_pledge = PLEDGE_RPATH;
- nd.ni_unveil = UNVEIL_INSPECT;
+ nd.ni_unveil = UNVEIL_READ;
 if ((error = namei(&nd)) != 0)
 return (error);
 vp = nd.ni_vp; |
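Review bot: The rewritten comment in the dirloop hunk of vfs_lookup.c does not say that the branch below it discards a permission error, nor why realpath is now excluded. Since `error = EJUSTRETURN` lets the lookup carry on past an EACCES, the comment should state the restriction explicitly, for example `* Only unveil may get past EACCES here; realpath must fail when the final component does not exist.` That keeps a later reader from re-adding the `REALPATH` test on the assumption that its removal was an oversight. The not-found branch this sits in starts and ends outside the hunk.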
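Review bot: In the sys___realpath hunk the else branch keeps `LOCKPARENT` although its operation is now LOOKUP, so the two NDINIT calls differ only in that one flag. If the parent was locked only to support the old CREATE lookup, the flag can be dropped and the if/else collapsed into a single call; if it is still needed, a short comment at the else branch should name what uses the locked parent. Whatever code after the hunk unlocks or releases the parent vnode should be re-read with the new semantics in mind, since the leaf must now exist. The condition that selects between the branches is not visible in this hunk.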
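Review bot: The change from `UNVEIL_INSPECT` to `UNVEIL_READ` in doreadlinkat is not mentioned in the commit message, which speaks only of realpath. It appears to tighten readlink so that the path must be unveiled for reading rather than merely be inspectable, which is a visible behaviour change for unveiled programs and deserves its own line in the log. I would also add a comment at the assignment, e.g. `/* the link target is file content: require unveil read, not inspect */`, so the stricter value is not reverted later. doreadlinkat continues outside the hunk.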