git: e4aabaaa3dad - stable/13 - vfs: Consistently validate AT_* flags in kern_* functions.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 17 Jun 2022 19:41:39 UTC
The branch stable/13 has been updated by dchagin:
URL: https://cgit.FreeBSD.org/src/commit/?id=e4aabaaa3dad6bfef0a1941c9c501be7d325080a
commit e4aabaaa3dad6bfef0a1941c9c501be7d325080a
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-11-09 17:42:12 +0000
Commit: Dmitry Chagin <dchagin@FreeBSD.org>
CommitDate: 2022-06-17 19:35:42 +0000
vfs: Consistently validate AT_* flags in kern_* functions.
Some syscalls checked for invalid AT_* flags in sys_* and others in
kern_*.
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D32864
(cherry picked from commit 57093f9366b7eeb48054ff2fa77b9d01d2b3cfc2)
---
sys/kern/vfs_syscalls.c | 40 +++++++++++++++++++---------------------
1 file changed, 19 insertions(+), 21 deletions(-)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 64ff9b55c57e..3b3947b2ccb7 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1523,15 +1523,9 @@ struct linkat_args {
int
sys_linkat(struct thread *td, struct linkat_args *uap)
{
- int flag;
-
- flag = uap->flag;
- if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
- UIO_USERSPACE, flag));
+ UIO_USERSPACE, uap->flag));
}
int hardlink_check_uid = 0;
@@ -1580,6 +1574,10 @@ kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
NDPREINIT(&nd);
do {
bwillwrite();
@@ -2757,10 +2755,6 @@ int
sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
{
- if ((uap->atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
uap->flags, uap->atflag));
}
@@ -2789,6 +2783,10 @@ kern_chflagsat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_FFLAGS(flags);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(atflag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -2888,10 +2886,6 @@ int
sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
{
- if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
uap->mode, uap->flag));
}
@@ -2920,6 +2914,10 @@ kern_fchmodat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_MODE(mode);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -3017,10 +3015,6 @@ int
sys_fchownat(struct thread *td, struct fchownat_args *uap)
{
- if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
uap->gid, uap->flag));
}
@@ -3032,6 +3026,10 @@ kern_fchownat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_OWNER(uid, gid);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -4404,8 +4402,6 @@ int
sys_getfhat(struct thread *td, struct getfhat_args *uap)
{
- if ((uap->flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
- return (EINVAL);
return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
uap->fhp, UIO_USERSPACE));
}
@@ -4419,6 +4415,8 @@ kern_getfhat(struct thread *td, int flags, int fd, const char *path,
struct vnode *vp;
int error;
+ if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
+ return (EINVAL);
error = priv_check(td, PRIV_VFS_GETFH);
if (error != 0)
return (error);