diff options
author | Jan Synacek <jan.synacek@gmail.com> | 2017-03-29 08:25:52 +0200 |
---|---|---|
committer | Martin Pitt <martinpitt@users.noreply.github.com> | 2017-03-29 08:25:52 +0200 |
commit | ab883125704b9310dcdfcf7451a27e85609da76c (patch) | |
tree | 8eca110fc30014d4c6d14431f627f024709f3b41 /src | |
parent | 9e49656037717b96c06b1f1507a41550bdb2c795 (diff) |
basic: forbid rm_rf() to remove paths ending with ".." (#5653)
Fixes: #5644
Diffstat (limited to 'src')
-rw-r--r-- | src/basic/rm-rf.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c index 08497af729..bdaca264ff 100644 --- a/src/basic/rm-rf.c +++ b/src/basic/rm-rf.c @@ -187,6 +187,13 @@ int rm_rf(const char *path, RemoveFlags flags) { return -EPERM; } + /* Another safe-check. Removing "/path/.." could easily remove entire root as well. + * It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob() + * function expands to both "/path/." and "/path/..". + * Return -EINVAL to be consistent with rmdir("/path/."). */ + if (endswith(path, "/..") || endswith(path, "/../")) + return -EINVAL; + if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) { /* Try to remove as subvolume first */ r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); |