From 5842d4e5b2a53b4913cfce91014d97dba980a27f Mon Sep 17 00:00:00 2001 From: KATO Takenori Date: Thu, 14 Aug 1997 03:57:46 +0000 Subject: [PATCH] If the user doesn't have read permission, union_copyup should not copy a file to upper layer. Reviewed by: Naofumi Honda --- sys/fs/unionfs/union_subr.c | 12 +++++++++++- sys/miscfs/union/union_subr.c | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/sys/fs/unionfs/union_subr.c b/sys/fs/unionfs/union_subr.c index 493a172eac5..7f85e65611d 100644 --- a/sys/fs/unionfs/union_subr.c +++ b/sys/fs/unionfs/union_subr.c @@ -35,7 +35,7 @@ * SUCH DAMAGE. * * @(#)union_subr.c 8.20 (Berkeley) 5/20/95 - * $Id: union_subr.c,v 1.18 1997/04/16 16:24:24 kato Exp $ + * $Id: union_subr.c,v 1.19 1997/08/02 14:32:28 bde Exp $ */ #include @@ -650,6 +650,16 @@ union_copyup(un, docopy, cred, p) int error; struct vnode *lvp, *uvp; + /* + * If the user does not have read permission, the vnode should not + * be copied to upper layer. + */ + vn_lock(un->un_lowervp, LK_EXCLUSIVE | LK_RETRY, p); + error = VOP_ACCESS(un->un_lowervp, VREAD, cred, p); + VOP_UNLOCK(un->un_lowervp, 0, p); + if (error) + return (error); + error = union_vn_create(&uvp, un, p); if (error) return (error); diff --git a/sys/miscfs/union/union_subr.c b/sys/miscfs/union/union_subr.c index 493a172eac5..7f85e65611d 100644 --- a/sys/miscfs/union/union_subr.c +++ b/sys/miscfs/union/union_subr.c @@ -35,7 +35,7 @@ * SUCH DAMAGE. * * @(#)union_subr.c 8.20 (Berkeley) 5/20/95 - * $Id: union_subr.c,v 1.18 1997/04/16 16:24:24 kato Exp $ + * $Id: union_subr.c,v 1.19 1997/08/02 14:32:28 bde Exp $ */ #include @@ -650,6 +650,16 @@ union_copyup(un, docopy, cred, p) int error; struct vnode *lvp, *uvp; + /* + * If the user does not have read permission, the vnode should not + * be copied to upper layer. + */ + vn_lock(un->un_lowervp, LK_EXCLUSIVE | LK_RETRY, p); + error = VOP_ACCESS(un->un_lowervp, VREAD, cred, p); + VOP_UNLOCK(un->un_lowervp, 0, p); + if (error) + return (error); + error = union_vn_create(&uvp, un, p); if (error) return (error);