From 5a32a77539d00b6dc484a5200eae86842ca4ab18 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:26:30 +0800
Subject: [PATCH 175/181] prevent the parent dir from being bind mounted to the
 subdir

Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
 src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 55fdf997..e122a40f 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -179,6 +179,26 @@ out:
     return ret;
 }
 
+static int is_parent_directory(const char *parent_path, const char *child_path)
+{
+    size_t parent_len = strlen(parent_path);
+    size_t child_len = strlen(child_path);
+
+    if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
+        return -1;
+    }
+
+    if (strncmp(parent_path, child_path, parent_len) != 0) {
+        return -1;
+    }
+
+    if (child_path[parent_len] != '/') {
+        return -1;
+    }
+
+    return 0;
+}
+
 static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
 {
     struct stat buf;
@@ -232,6 +252,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
         return -1;
     }
 
+    // prevent the parent directory from being bind mounted to the subdirectory
+    if (is_parent_directory(dstdir, tmp_dir) == 0) {
+        ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+        return -1;
+    }
+
     if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
         ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
         if (util_path_remove(tmp_dir) != 0) {
-- 
2.42.0