tech-kern: Re: mkdir with trailing / (patch proposed)

Subject: Re: mkdir with trailing / (patch proposed)
To: None <tech-userlevel@netbsd.org>
From: Julio Merino <jmmv@hispabsd.org>
List: tech-kern
Date: 04/28/2002 20:20:43
--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 28, 2002 at 06:20:05PM +0200, Martin Husemann wrote:
> > The trailing slash produces an error... is this the expected behavivour?
>=20
> No, this is a (well?) known long standing bug. There is a PR open on this.

The PR is kern/8155. I've just written the following patch that solves the
problem. I'm not an expert to secure code so it may cause a
buffer-overflow :p. If anybody would review it and post his/her comments...
;-)

I'm CC'ing to tech-kern as this patch belongs there though.

----- [patch for /sys/kern/vfs_syscalls.c] -----
Index: vfs_syscalls.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/syssrc/sys/kern/vfs_syscalls.c,v
retrieving revision 1.173
diff -u -u -r1.173 vfs_syscalls.c
--- vfs_syscalls.c	2001/11/12 15:25:41	1.173
+++ vfs_syscalls.c	2002/04/28 18:16:18
@@ -2912,10 +2912,23 @@
 	struct vattr vattr;
 	int error;
 	struct nameidata nd;
+	char *path, *slash;
=20
-	NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p);
-	if ((error =3D namei(&nd)) !=3D 0)
+	/* Work-around trailing slashes */
+	path =3D (char *) malloc(PATH_MAX + 1, M_TEMP, M_CANFAIL);
+	if (path =3D=3D NULL)
+		return ENOMEM;
+	memcpy(path, SCARG(uap, path), PATH_MAX);
+	path[PATH_MAX] =3D '\0';
+	slash =3D strchr(path, '\0');
+	while (--slash > path && *slash =3D=3D '/')
+		*slash =3D '\0';
+
+	NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, path, p);
+	if ((error =3D namei(&nd)) !=3D 0) {
+		free(path, M_TEMP);
 		return (error);
+	}
 	vp =3D nd.ni_vp;
 	if (vp !=3D NULL) {
 		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
@@ -2924,6 +2937,7 @@
 		else
 			vput(nd.ni_dvp);
 		vrele(vp);
+		free(path, M_TEMP);
 		return (EEXIST);
 	}
 	VATTR_NULL(&vattr);
@@ -2934,6 +2948,7 @@
 	error =3D VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
 	if (!error)
 		vput(nd.ni_vp);
+	free(path, M_TEMP);
 	return (error);
 }
----- [end patch for /sys/kern/vfs_syscalls.c] -----

Thanks.

>=20
> Martin

--=20
Of course it runs NetBSD - http://www.netbsd.org
HispaBSD member - http://www.hispabsd.org
Julio Merino <jmmv@hispabsd.org>

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8zD17zz00ZOPKycwRAhPIAKCbaWfgRHUsiHC8z7oDD/I+eExFAgCfbLPw
Fsy4CFrTgpLaC+7SMitY4X8=
=Keik
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--