sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 From 45fa8714a1d35e6555083d88a71851ada2aacac4 Mon Sep 17 00:00:00 2001
 From: Mike Frysinger <vapier@gentoo.org>
 Date: Mon, 24 Dec 2012 18:46:29 -0500
 Subject: [PATCH] libsandbox: handle open(O_NOFOLLOW)

 We don't check for O_NOFOLLOW in the open wrappers, so we end up
 returning the wrong error when operating on broken symlinks.

 URL: https://bugs.gentoo.org/413441
 Reported-by: Marien Zwart <marienz@gentoo.org>
 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
 ---
  libsandbox/wrapper-funcs/__64_post.h        |  1 +
  libsandbox/wrapper-funcs/__64_pre.h         |  1 +
  libsandbox/wrapper-funcs/openat_pre_check.c |  2 +-
  tests/open-2.sh                             | 10 ++++++++++
  tests/open.at                               |  1 +
  5 files changed, 14 insertions(+), 1 deletion(-)
  create mode 100755 tests/open-2.sh

 diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h
 index 2fd2182..82d2a16 100644
 --- a/libsandbox/wrapper-funcs/__64_post.h
 +++ b/libsandbox/wrapper-funcs/__64_post.h
 @@ -1,3 +1,4 @@
  #undef SB64
  #undef stat
 +#undef lstat
  #undef off_t
 diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h
 index 2132110..0b34b25 100644
 --- a/libsandbox/wrapper-funcs/__64_pre.h
 +++ b/libsandbox/wrapper-funcs/__64_pre.h
 @@ -1,3 +1,4 @@
  #define SB64
  #define stat stat64
 +#define lstat lstat64
  #define off_t off64_t
 diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
 index c827ee6..0127708 100644
 --- a/libsandbox/wrapper-funcs/openat_pre_check.c
 +++ b/libsandbox/wrapper-funcs/openat_pre_check.c
 @@ -29,7 +29,7 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int

  	/* Doesn't exist -> skip permission checks */
  	struct stat st;
 -	if (-1 == stat(pathname, &st)) {
 +	if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) {
  		sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
  			func, pathname, strerror(errno));
  		return false;
 --
 1.8.1.2
	From 45fa8714a1d35e6555083d88a71851ada2aacac4 Mon Sep 17 00:00:00 2001
	From: Mike Frysinger <vapier@gentoo.org>
	Date: Mon, 24 Dec 2012 18:46:29 -0500
	Subject: [PATCH] libsandbox: handle open(O_NOFOLLOW)

	We don't check for O_NOFOLLOW in the open wrappers, so we end up
	returning the wrong error when operating on broken symlinks.

	URL: https://bugs.gentoo.org/413441
	Reported-by: Marien Zwart <marienz@gentoo.org>
	Signed-off-by: Mike Frysinger <vapier@gentoo.org>
	---
	libsandbox/wrapper-funcs/__64_post.h \| 1 +
	libsandbox/wrapper-funcs/__64_pre.h \| 1 +
	libsandbox/wrapper-funcs/openat_pre_check.c \| 2 +-
	tests/open-2.sh \| 10 ++++++++++
	tests/open.at \| 1 +
	5 files changed, 14 insertions(+), 1 deletion(-)
	create mode 100755 tests/open-2.sh

	diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h
	index 2fd2182..82d2a16 100644
	--- a/libsandbox/wrapper-funcs/__64_post.h
	+++ b/libsandbox/wrapper-funcs/__64_post.h
	@@ -1,3 +1,4 @@
	#undef SB64
	#undef stat
	+#undef lstat
	#undef off_t
	diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h
	index 2132110..0b34b25 100644
	--- a/libsandbox/wrapper-funcs/__64_pre.h
	+++ b/libsandbox/wrapper-funcs/__64_pre.h
	@@ -1,3 +1,4 @@
	#define SB64
	#define stat stat64
	+#define lstat lstat64
	#define off_t off64_t
	diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
	index c827ee6..0127708 100644
	--- a/libsandbox/wrapper-funcs/openat_pre_check.c
	+++ b/libsandbox/wrapper-funcs/openat_pre_check.c
	@@ -29,7 +29,7 @@ bool sb_openat_pre_check(const char func, const char pathname, int dirfd, int

	/* Doesn't exist -> skip permission checks */
	struct stat st;
	- if (-1 == stat(pathname, &st)) {
	+ if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) {
	sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
	func, pathname, strerror(errno));
	return false;
	--
	1.8.1.2