From: Oliver Kurth Date: Tue, 26 May 2020 22:32:56 +0000 (-0700) Subject: Hgfs Linux/OSX Server: fix write-only shares access check creating new files X-Git-Tag: stable-11.2.0~214 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c27281f24e043f64a9e627e2eaeccd9c196fc938;p=thirdparty%2Fopen-vm-tools.git Hgfs Linux/OSX Server: fix write-only shares access check creating new files Linux and OS X Hgfs server has an incorrect failure status check when a user has a write-only share enabled. In a write-only share any failure is mapped to EACESS unless the error is ENOENT when a new file is to be created. The error check currently fails all errors when it should only allow creation of new files i.e., ENOENT with flags specifying O_CREAT. The check should be if (status == EACCES) goto exit --- diff --git a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c index 8cbc0e153..84acc3ad2 100644 --- a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +++ b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 1998-2019 VMware, Inc. All rights reserved. + * Copyright (C) 1998-2020 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -1003,18 +1003,22 @@ HgfsPlatformValidateOpen(HgfsFileOpenInfo *openInfo, // IN: Open info struct if (!openInfo->shareInfo.readPermissions) { /* * "Drop Box" / "FTP incoming" type of shared folders. - * Allow creating a new file. Deny opening exisitng file. + * Only allow creating a new file. + * Any access to an existing file requires read so fail EACCES. */ - status = Posix_Access(openInfo->utf8Name, F_OK); - if (status < 0) { - status = errno; - if (status != ENOENT || (openFlags & O_CREAT) == 0) { + int accessStatus = Posix_Access(openInfo->utf8Name, F_OK); + + if (accessStatus < 0) { + accessStatus = errno; + /* Not creating a new file, then fail. */ + if (!(accessStatus == ENOENT && (openFlags & O_CREAT))) { status = EACCES; } } else { + /*An existing file, then fail */ status = EACCES; } - if (status != 0) { + if (status == EACCES) { LOG(4, "%s: Error: Unreadable share flags %u file \"%s\": %d %s\n", __FUNCTION__, openFlags, openInfo->utf8Name, status, Err_Errno2String(status));