59 lines
1.8 KiB
Diff
59 lines
1.8 KiB
Diff
From 5a32a77539d00b6dc484a5200eae86842ca4ab18 Mon Sep 17 00:00:00 2001
|
|
From: zhongtao <zhongtao17@huawei.com>
|
|
Date: Tue, 12 Dec 2023 20:26:30 +0800
|
|
Subject: [PATCH 175/181] prevent the parent dir from being bind mounted to the
|
|
subdir
|
|
|
|
Signed-off-by: zhongtao <zhongtao17@huawei.com>
|
|
---
|
|
src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
|
|
1 file changed, 26 insertions(+)
|
|
|
|
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
|
|
index 55fdf997..e122a40f 100644
|
|
--- a/src/utils/tar/util_archive.c
|
|
+++ b/src/utils/tar/util_archive.c
|
|
@@ -179,6 +179,26 @@ out:
|
|
return ret;
|
|
}
|
|
|
|
+static int is_parent_directory(const char *parent_path, const char *child_path)
|
|
+{
|
|
+ size_t parent_len = strlen(parent_path);
|
|
+ size_t child_len = strlen(child_path);
|
|
+
|
|
+ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (strncmp(parent_path, child_path, parent_len) != 0) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (child_path[parent_len] != '/') {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
|
|
{
|
|
struct stat buf;
|
|
@@ -232,6 +252,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
|
|
return -1;
|
|
}
|
|
|
|
+ // prevent the parent directory from being bind mounted to the subdirectory
|
|
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
|
|
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
|
|
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
|
|
if (util_path_remove(tmp_dir) != 0) {
|
|
--
|
|
2.42.0
|
|
|