diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2016-02-27 19:17:33 -0500 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2016-03-03 12:46:07 +0100 |
| commit | 66efd9e7538d2f5823e7d2ccae2b16e8e57b7d15 (patch) | |
| tree | 0ba779b44036f66feacc191d9dfd0f4860c5d489 | |
| parent | 2976c211bd096c472f996a368030eb1c18cb174c (diff) | |
| download | lwn-66efd9e7538d2f5823e7d2ccae2b16e8e57b7d15.tar.gz lwn-66efd9e7538d2f5823e7d2ccae2b16e8e57b7d15.zip | |
do_last(): don't let a bogus return value from ->open() et.al. to confuse us
commit c80567c82ae4814a41287618e315a60ecf513be6 upstream.
... into returning a positive to path_openat(), which would interpret that
as "symlink had been encountered" and proceed to corrupt memory, etc.
It can only happen due to a bug in some ->open() instance or in some LSM
hook, etc., so we report any such event *and* make sure it doesn't trick
us into further unpleasantness.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
| -rw-r--r-- | fs/namei.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c index d1c0b91b4534..b1b1781faca1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3116,6 +3116,10 @@ opened: goto exit_fput; } out: + if (unlikely(error > 0)) { + WARN_ON(1); + error = -EINVAL; + } if (got_write) mnt_drop_write(nd->path.mnt); path_put(&save_parent); |