upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 00:02:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

cache: only let non-dir descriptors through when doing EMPTYPATH lookups

Browse source 
Otherwise things like realpath against a file and '.' end up with an
illegal state of having a regular vnode for the parent.

Reported by:	syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com
This commit is contained in:
Mateusz Guzik 2021-10-27 20:17:59 +02:00
parent 34fb1c133c
commit 628c3b307f
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sys/kern/vfs_cache.c
View file

@ -4245,19 +4245,28 @@ cache_can_fplookup(struct cache_fpl *fpl)
return (true);
}
static int
static int __noinline
cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp)
{
struct nameidata *ndp;
struct componentname *cnp;
int error;
bool fsearch;
ndp = fpl->ndp;
cnp = fpl->cnp;
error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch);
if (__predict_false(error != 0)) {
return (cache_fpl_aborted(fpl));
}
fpl->fsearch = fsearch;
if ((*vpp)->v_type != VDIR) {
if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
cache_fpl_smr_exit(fpl);
return (cache_fpl_handled_error(fpl, ENOTDIR));
}
}
return (0);
}