Parcourir la source

HBSD: Security checks and tmpfs extattr insertion lock

We need to ensure that only those who can perform the extended attribute
routines have proper permission to do so. Additionally, lock the node on
extended attribute insertion.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
hardened/current/safestack
Shawn Webb il y a 3 mois
Parent
révision
fe220f3218
1 fichiers modifiés avec 25 ajouts et 6 suppressions
  1. +25
    -6
      sys/fs/tmpfs/tmpfs_vnops.c

+ 25
- 6
sys/fs/tmpfs/tmpfs_vnops.c Voir le fichier

@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/dirent.h>
#include <sys/extattr.h>
#include <sys/fcntl.h>
#include <sys/limits.h>
#include <sys/lockf.h>
@@ -1630,6 +1631,9 @@ tmpfs_node_has_extattr(struct tmpfs_node *node, int attrnamespace,
{
struct tmpfs_extattr_list_entry *entry, *tentry;

entry = NULL;

TMPFS_NODE_LOCK(node);
LIST_FOREACH_SAFE(entry, &(node->tn_reg.tn_extattr_list),
tele_entries, tentry) {
if (attrnamespace != entry->tele_attrnamespace) {
@@ -1637,11 +1641,12 @@ tmpfs_node_has_extattr(struct tmpfs_node *node, int attrnamespace,
}

if (!strcmp(name, entry->tele_attrname)) {
return (entry);
break;
}
}
TMPFS_NODE_UNLOCK(node);

return (NULL);
return (entry);
}

static int
@@ -1661,12 +1666,15 @@ tmpfs_extattr_get(struct vnode *vp, int attrnamespace, const char *name,
size_t len;
int error;

error = 0;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
if (error) {
return (error);
}

node = VP_TO_TMPFS_NODE(vp);

attr = tmpfs_node_has_extattr(node, attrnamespace, name);
@@ -1703,11 +1711,17 @@ tmpfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name,
struct tmpfs_extattr_list_entry *attr;
struct tmpfs_node *node;
size_t sz;
int error;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VWRITE);
if (error) {
return (error);
}

if (uio->uio_resid > TMPFS_EXTATTR_MAXVALUESIZE) {
return (EINVAL);
}
@@ -1735,8 +1749,10 @@ tmpfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name,

uiomove(attr->tele_value, sz, uio);

TMPFS_NODE_LOCK(node);
LIST_INSERT_HEAD(&(node->tn_reg.tn_extattr_list),
attr, tele_entries);
TMPFS_NODE_UNLOCK(node);
}

return (0);
@@ -1760,12 +1776,15 @@ tmpfs_extattr_list(struct vnode *vp, int attrnamespace, struct uio *uio,
uint8_t namelen8;
int error;

error = 0;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
if (error) {
return (error);
}

node = VP_TO_TMPFS_NODE(vp);

if (size) {


Chargement…
Annuler
Enregistrer