VirtualBox

Ignore:
Timestamp:
Jan 5, 2011 11:23:09 AM (14 years ago)
Author:
vboxsync
Message:

supR3HardenedVerifyFsObject: Moved the type check up before the permission checks because symbolic links usually have a mode mask of 777 and would therefore trigger VERR_SUPLIB_WORLD_WRITABLE instead of VERR_SUPLIB_SYMLINKS_ARE_NOT_PERMITTED.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp

    r35188 r35403  
    11511151
    11521152    /*
     1153     * The object type must be directory or file, no symbolic links or other
     1154     * risky stuff (sorry dude, but we're paranoid on purpose here).
     1155     */
     1156    if (   !S_ISDIR(pFsObjState->Stat.st_mode)
     1157        && !S_ISREG(pFsObjState->Stat.st_mode))
     1158    {
     1159        if (S_ISLNK(pFsObjState->Stat.st_mode))
     1160            return supR3HardenedSetError3(VERR_SUPLIB_SYMLINKS_ARE_NOT_PERMITTED, pErrInfo,
     1161                                          "Symlinks are not permitted: '", pszPath, "'");
     1162        return supR3HardenedSetError3(VERR_SUPLIB_NOT_DIR_NOT_FILE, pErrInfo,
     1163                                      "Not regular file or directory: '", pszPath, "'");
     1164    }
     1165    if (fDir != !!S_ISDIR(pFsObjState->Stat.st_mode))
     1166    {
     1167        if (S_ISDIR(pFsObjState->Stat.st_mode))
     1168            return supR3HardenedSetError3(VERR_SUPLIB_IS_DIRECTORY, pErrInfo,
     1169                                          "Expected file but found directory: '", pszPath, "'");
     1170        return supR3HardenedSetError3(VERR_SUPLIB_IS_FILE, pErrInfo,
     1171                                      "Expected directory but found file: '", pszPath, "'");
     1172    }
     1173
     1174    /*
    11531175     * The group does not matter if it does not have write access, if it has
    11541176     * write access it must be group 0 (root/wheel/whatever).
     
    11811203     */
    11821204    /** @todo */
    1183 
    1184     /*
    1185      * Check the object type.
    1186      */
    1187     if (   !S_ISDIR(pFsObjState->Stat.st_mode)
    1188         && !S_ISREG(pFsObjState->Stat.st_mode))
    1189     {
    1190         if (S_ISLNK(pFsObjState->Stat.st_mode))
    1191             return supR3HardenedSetError3(VERR_SUPLIB_SYMLINKS_ARE_NOT_PERMITTED, pErrInfo,
    1192                                           "Symlinks are not permitted: '", pszPath, "'");
    1193         return supR3HardenedSetError3(VERR_SUPLIB_NOT_DIR_NOT_FILE, pErrInfo,
    1194                                       "Not regular file or directory: '", pszPath, "'");
    1195     }
    1196     if (fDir != !!S_ISDIR(pFsObjState->Stat.st_mode))
    1197     {
    1198         if (S_ISDIR(pFsObjState->Stat.st_mode))
    1199             return supR3HardenedSetError3(VERR_SUPLIB_IS_DIRECTORY, pErrInfo,
    1200                                           "Expected file but found directory: '", pszPath, "'");
    1201         return supR3HardenedSetError3(VERR_SUPLIB_IS_FILE, pErrInfo,
    1202                                       "Expected directory but found file: '", pszPath, "'");
    1203     }
    12041205
    12051206    return VINF_SUCCESS;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette