diff options
| author | Jan Synacek <jan.synacek@gmail.com> | 2017-03-29 08:25:52 +0200 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2017-07-25 09:46:51 +0200 |
| commit | 99b26b4267937bb2f77f964b8e72038f6e90d6da (patch) | |
| tree | 4f3149ac8bcc1ef28069a96216544b3bc7c89ce3 | |
| parent | 6179ccf82559f78ee6526452d6052b4a964f7f3b (diff) | |
basic: forbid rm_rf() to remove paths ending with ".." (#5653)
Fixes: #5644
| -rw-r--r-- | src/basic/rm-rf.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c index 94c67bae3..565f240e1 100644 --- a/src/basic/rm-rf.c +++ b/src/basic/rm-rf.c @@ -190,6 +190,13 @@ int rm_rf(const char *path, RemoveFlags flags) { } #if 0 /// elogind does not support BTRFS this directly + /* Another safe-check. Removing "/path/.." could easily remove entire root as well. + * It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob() + * function expands to both "/path/." and "/path/..". + * Return -EINVAL to be consistent with rmdir("/path/."). */ + if (endswith(path, "/..") || endswith(path, "/../")) + return -EINVAL; + if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) { /* Try to remove as subvolume first */ r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); |