git: 57093f9366b7 - main - vfs: Consistently validate AT_* flags in kern_* functions.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Nov 2021 18:02:13 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=57093f9366b7eeb48054ff2fa77b9d01d2b3cfc2
commit 57093f9366b7eeb48054ff2fa77b9d01d2b3cfc2
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-11-09 17:42:12 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-11-09 17:42:12 +0000
vfs: Consistently validate AT_* flags in kern_* functions.
Some syscalls checked for invalid AT_* flags in sys_* and others in
kern_*.
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D32864
---
sys/kern/vfs_syscalls.c | 40 +++++++++++++++++++---------------------
1 file changed, 19 insertions(+), 21 deletions(-)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 29a6b34d083a..cedadc55b87f 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1524,15 +1524,9 @@ struct linkat_args {
int
sys_linkat(struct thread *td, struct linkat_args *uap)
{
- int flag;
-
- flag = uap->flag;
- if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
- UIO_USERSPACE, flag));
+ UIO_USERSPACE, uap->flag));
}
int hardlink_check_uid = 0;
@@ -1581,6 +1575,10 @@ kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
NDPREINIT(&nd);
do {
bwillwrite();
@@ -2758,10 +2756,6 @@ int
sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
{
- if ((uap->atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
uap->flags, uap->atflag));
}
@@ -2790,6 +2784,10 @@ kern_chflagsat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_FFLAGS(flags);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(atflag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -2889,10 +2887,6 @@ int
sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
{
- if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
uap->mode, uap->flag));
}
@@ -2921,6 +2915,10 @@ kern_fchmodat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_MODE(mode);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -3018,10 +3016,6 @@ int
sys_fchownat(struct thread *td, struct fchownat_args *uap)
{
- if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
- AT_EMPTY_PATH)) != 0)
- return (EINVAL);
-
return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
uap->gid, uap->flag));
}
@@ -3033,6 +3027,10 @@ kern_fchownat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
+ if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
+ AT_EMPTY_PATH)) != 0)
+ return (EINVAL);
+
AUDIT_ARG_OWNER(uid, gid);
NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
@@ -4401,8 +4399,6 @@ int
sys_getfhat(struct thread *td, struct getfhat_args *uap)
{
- if ((uap->flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
- return (EINVAL);
return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
uap->fhp, UIO_USERSPACE));
}
@@ -4416,6 +4412,8 @@ kern_getfhat(struct thread *td, int flags, int fd, const char *path,
struct vnode *vp;
int error;
+ if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
+ return (EINVAL);
error = priv_check(td, PRIV_VFS_GETFH);
if (error != 0)
return (error);