浏览代码

HBSD: Security checks and tmpfs extattr insertion lock

We need to ensure that only those who can perform the extended attribute
routines have proper permission to do so. Additionally, lock the node on
extended attribute insertion.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
hardened/current/safestack
Shawn Webb 3 个月前
父节点
当前提交
fe220f3218
共有 1 个文件被更改,包括 25 次插入6 次删除
  1. +25
    -6
      sys/fs/tmpfs/tmpfs_vnops.c

+ 25
- 6
sys/fs/tmpfs/tmpfs_vnops.c 查看文件

@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/dirent.h>
#include <sys/extattr.h>
#include <sys/fcntl.h>
#include <sys/limits.h>
#include <sys/lockf.h>
@@ -1630,6 +1631,9 @@ tmpfs_node_has_extattr(struct tmpfs_node *node, int attrnamespace,
{
struct tmpfs_extattr_list_entry *entry, *tentry;

entry = NULL;

TMPFS_NODE_LOCK(node);
LIST_FOREACH_SAFE(entry, &(node->tn_reg.tn_extattr_list),
tele_entries, tentry) {
if (attrnamespace != entry->tele_attrnamespace) {
@@ -1637,11 +1641,12 @@ tmpfs_node_has_extattr(struct tmpfs_node *node, int attrnamespace,
}

if (!strcmp(name, entry->tele_attrname)) {
return (entry);
break;
}
}
TMPFS_NODE_UNLOCK(node);

return (NULL);
return (entry);
}

static int
@@ -1661,12 +1666,15 @@ tmpfs_extattr_get(struct vnode *vp, int attrnamespace, const char *name,
size_t len;
int error;

error = 0;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
if (error) {
return (error);
}

node = VP_TO_TMPFS_NODE(vp);

attr = tmpfs_node_has_extattr(node, attrnamespace, name);
@@ -1703,11 +1711,17 @@ tmpfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name,
struct tmpfs_extattr_list_entry *attr;
struct tmpfs_node *node;
size_t sz;
int error;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VWRITE);
if (error) {
return (error);
}

if (uio->uio_resid > TMPFS_EXTATTR_MAXVALUESIZE) {
return (EINVAL);
}
@@ -1735,8 +1749,10 @@ tmpfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name,

uiomove(attr->tele_value, sz, uio);

TMPFS_NODE_LOCK(node);
LIST_INSERT_HEAD(&(node->tn_reg.tn_extattr_list),
attr, tele_entries);
TMPFS_NODE_UNLOCK(node);
}

return (0);
@@ -1760,12 +1776,15 @@ tmpfs_extattr_list(struct vnode *vp, int attrnamespace, struct uio *uio,
uint8_t namelen8;
int error;

error = 0;

if (vp->v_type != VREG) {
return (EOPNOTSUPP);
}

error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
if (error) {
return (error);
}

node = VP_TO_TMPFS_NODE(vp);

if (size) {


正在加载...
取消
保存