From: Volker Lendecke Date: Mon, 21 Oct 2024 10:12:27 +0000 (+0200) Subject: vfs: Don't ever call openat(-1, ...) for relative paths X-Git-Tag: tdb-1.4.13~532 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e9c6dd6d6dc720a50efdbb1c88350354271e066;p=thirdparty%2Fsamba.git vfs: Don't ever call openat(-1, ...) for relative paths This is always a bug, we should never do this. In one iteration of my code I was doing this, which led to an invalid fallback code, which itself lead to an infinite recursion. Make this more obvious with an assert. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Nov 12 15:13:03 UTC 2024 on atb-devel-224
---
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index e895de189fa..f4032656e1f 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -607,6 +607,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
 files_struct *fsp,
 const struct vfs_open_how *how)
 {
+ int dirfd = fsp_get_pathref_fd(dirfsp);
 int flags = how->flags;
 mode_t mode = how->mode;
 bool have_opath = false;
@@ -615,6 +616,8 @@ static int vfswrap_openat(vfs_handle_struct *handle,

 START_PROFILE(syscall_openat);

+ SMB_ASSERT((dirfd != -1) || (smb_fname->base_name[0] == '/'));
+
 if (how->resolve & ~(VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS |
 VFS_OPEN_HOW_WITH_BACKUP_INTENT)) {
 errno = ENOSYS;
@@ -656,7 +659,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
 .resolve = RESOLVE_NO_SYMLINKS,
 };

- result = openat2(fsp_get_pathref_fd(dirfsp),
+ result = openat2(dirfd,
 smb_fname->base_name,
 &linux_how,
 sizeof(linux_how));
@@ -683,7 +686,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
 became_root = true;
 }

- result = openat(fsp_get_pathref_fd(dirfsp),
+ result = openat(dirfd,
 smb_fname->base_name,
 flags,
 mode);
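Review bot: The new `SMB_ASSERT` in the second hunk has no comment saying what `dirfd == -1` means or why an absolute `base_name` is exempt; since a failed SMB_ASSERT ends in smb_panic() rather than an error return, the invariant should be written down where it is enforced. I would add above it `/* A dirfsp without an open fd is only valid for absolute paths; openat(-1, "relative") is a caller bug. */`. Because the check is fail-stop, it is worth confirming that no client-reachable path can arrive here with a closed dirfsp and a relative name, otherwise a failed open becomes a crash of the serving smbd process; if that cannot be ruled out, setting an errno and logging with DBG_ERR would be the safer shape. The condition also reads `smb_fname->base_name[0]` whenever dirfd is -1, so it presumably relies on base_name never being NULL, which is not visible in these hunks. The body of vfswrap_openat() starts before and continues past the lines shown.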