More correct pathname resolution. #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 8 commits
July 24, 2014 00:58
The pmc_dont_resolve_final_symlink flag is stored in path mapping context (path_mapping_context_t type) and is set to true when resolving pathnames for symlink-reading functions (like lstat(), for example). However, we want to resolve the final symlink on parts of pathname before ".." path component when cleaning such components from the pathname. This change makes clean_dotdots_from_path() function to pass context with cleared pmc_dont_resolve_final_symlink flag to recursive calls to sb_path_resolution() function. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
The clean_dotdots_from_path() function was ignoring path resolution errors when calling sb_path_resolution() function. The reason for that was that clean_dotdots_from_path() function was returning void and had no way to report failure to the caller. This change makes clean_dotdots_from_path() return int to report errors. Zero result means that there was no error. Otherwise, errno code is returned. All calling functions were modified to use this error code and report errors to their respective callers. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
This change adds check for path mapping error in prepare_exec(). Result of path mapping makes no sense if mapping failed. In this case, returning error immediately is more reasonable than trying to perform further steps, like inspecting binary file, which should fail anyway, but possibly with misleading errno. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
This change makes path resolution return error if check whether a path component is a symlink returns any error except EINVAL (not a symlink). Last component check is also allowed to fail with ENOENT (file doesn't exist) unless it's required to exist (last component before ".." is required to exist). This is needed to make cleaning ".." components from path fail on nonexistent files preceding ".." part. For example, "/nonexistent/../bin" was resolving the same way as "/bin" without this change, but it should fail instead. See https://bugs.merproject.org/show_bug.cgi?id=834 for details. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
Avoid possible errno overwriting when printing debug output. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
The old algorithm was detecting just a single trailing slash correctly, creating bogus empty path entry at the end of path entry list in case of multiple trailing slashes. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
This fixes a bug in resolving relative pathnames when current working directory is target's root: cwd is resolved to "/" which has trailing slash flag, and this flag was inherited by the full resolved pathname, which led to adding trailing slash to resolved pathname. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
This change makes path resolution fail when a path component before ".." is not a directory (or symlink pointing to a directory, but this is covered by a different code path). Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
Author
|
Testing performed with these changes: successfully rebuilt Mer for armv7hl and aarch64 using sb2 with these changes. |
OlegGirko
force-pushed
the
master
branch
4 times, most recently
from
afb57d3 to
6d36a81
Compare
added 3 commits
October 4, 2014 16:10
This refactoring changes a single dont_resolve_final_symlink flag into more generic flags argument, allowing more flags to be added later. SBOX_MAP_PATH_DONT_RESOLVE_FINAL_SYMLINK value of flags argument is used instead of non-zero dont_resolve_final_symlink argument. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
This flag allows path resolution to succeed even if non-final components in the pathname refer to nonexistent directories. This is needed for emulating bindtextdomain() function which can accept pathname refering to nonexistent directory without returning an error. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
Path mapping now can fail if pathname component doesn't exist, so this condition must be handled correctly when mapping UNIX socket address. Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These multiple changes make pathname resolution more correct and fail early if errors detected.
The following shell commands show examples of errors fixed. Run them inside sb2 session.