author | Bob Beck <beck@cvs.openbsd.org> | 2019-01-14 04:02:40 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2019-01-14 04:02:40 +0000 |
commit | 65b166d4d88387ba454e5b37046e5f20cc6ce766 (patch) | |
tree | 1c7c55d343fa2a4f0b4d15ac476f3982f306fdea /sys | |
parent | 4be192fddd5f051de5c1f3220563a01d576de682 (diff) |
Fix unveil issue noticed by kn@ where unveil does not notice covering
unveil matches when .. is used correctly. Also adds regress based
upon his test program for the same issue.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_unveil.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c
index ce4f4a34ce7..d3e13116aae 100644
--- a/sys/kern/kern_unveil.c
+++ b/sys/kern/kern_unveil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_unveil.c,v 1.19 2019/01/06 18:33:26 kettenis Exp $ */
+/* $OpenBSD: kern_unveil.c,v 1.20 2019/01/14 04:02:39 beck Exp $ */
 /*
 * Copyright (c) 2017-2018 Bob Beck <beck@openbsd.org>
@@ -740,8 +740,11 @@ unveil_check_component(struct proc *p, struct nameidata *ni, struct vnode *dp)
 /*
 * adjust unveil match as necessary
 */
- ni->ni_unveil_match = unveil_covered(
- ni->ni_unveil_match, dp, p->p_p);
+ uv = unveil_covered(ni->ni_unveil_match, dp,
+ p->p_p);
+ /* clear the match when we DOTDOT above it */
+ if (ni->ni_unveil_match->uv_vp == dp)
+ ni->ni_unveil_match = NULL;
 } else
 uv = unveil_lookup(dp, p, NULL);
@@ -843,7 +846,7 @@ unveil_check_final(struct proc *p, struct nameidata *ni)
 if (uv->uv_flags & UNVEIL_USERSET)
 return EACCES;
 else
- return ENOENT;
+ goto done;
 }
 /* directory flags match, update match */
 if (uv->uv_flags & UNVEIL_USERSET) |
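Review bot: The added check `if (ni->ni_unveil_match->uv_vp == dp)` dereferences `ni->ni_unveil_match` without testing it for NULL, although the very next line stores NULL into that same field. If this branch can run again for a later `..` component of the same lookup, or before any unveil has matched, the kernel would fault on the dereference; whether `unveil_covered()` tolerates a NULL first argument is not visible here either. Guarding the test, `if (ni->ni_unveil_match != NULL && ni->ni_unveil_match->uv_vp == dp)`, keeps the clearing behaviour and removes the hazard. unveil_check_component starts and ends outside the hunk, so an earlier NULL check may exist that this view does not show.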
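Review bot: The `goto done;` that replaces `return ENOENT;` in the `else` branch carries no comment explaining why an entry without `UNVEIL_USERSET` now goes to the shared exit instead of failing immediately, and the `done:` label lies outside the hunk, so the errno that results cannot be checked from here. Because this branch decides whether a path is reachable under unveil, a one-line comment would help, for example `/* not user-set: let done: consult the covering unveil match */`, with the wording confirmed against what `done:` actually does. The `else` after `return EACCES;` is also redundant and could be dropped. unveil_check_final's body starts and ends outside the hunk.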