shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-09 12:58:26 +03:00
Code

basic: forbid rm_rf() to remove paths ending with ".." (#5653)

Browse Source 
Fixes: #5644
This commit is contained in:
Jan Synacek 2017-03-29 08:25:52 +02:00 committed by Martin Pitt
parent 9e49656037
commit ab88312570
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/basic/rm-rf.c
View File

@ -187,6 +187,13 @@ int rm_rf(const char *path, RemoveFlags flags) {
return -EPERM; return -EPERM;
} }
/* Another safe-check. Removing "/path/.." could easily remove entire root as well.
* It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob()
* function expands to both "/path/." and "/path/..".
* Return -EINVAL to be consistent with rmdir("/path/."). */
if (endswith(path, "/..") || endswith(path, "/../"))
return -EINVAL;
if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) { if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) {
/* Try to remove as subvolume first */ /* Try to remove as subvolume first */
r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);