virtiofsd: prevent ".." escape in lo_do_lookup()

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
author: Stefan Hajnoczi <stefanha@redhat.com> 2019-03-04 10:38:46 +0000
committer: Dr. David Alan Gilbert <dgilbert@redhat.com> 2020-01-23 16:41:36 +0000
commit: 854684bc0b3d63eb90b3abdfe471c2e4271ef176 (patch)
tree: dd754aa431ca8eddd031120e6370aa40fbe46044 /tools
parent: 70995754416eb4491c31607fe380a83cfd25a087 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index e375406160..79d5966eea 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -624,12 +624,17 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
     int res;
     int saverr;
     struct lo_data *lo = lo_data(req);
-    struct lo_inode *inode;
+    struct lo_inode *inode, *dir = lo_inode(req, parent);
 
     memset(e, 0, sizeof(*e));
     e->attr_timeout = lo->timeout;
     e->entry_timeout = lo->timeout;
 
+    /* Do not allow escaping root directory */
+    if (dir == &lo->root && strcmp(name, "..") == 0) {
+        name = ".";
+    }
+
     newfd = openat(lo_fd(req, parent), name, O_PATH | O_NOFOLLOW);
     if (newfd == -1) {
         goto out_err;
author	Stefan Hajnoczi <stefanha@redhat.com>	2019-03-04 10:38:46 +0000
committer	Dr. David Alan Gilbert <dgilbert@redhat.com>	2020-01-23 16:41:36 +0000
commit	854684bc0b3d63eb90b3abdfe471c2e4271ef176 (patch)
tree	dd754aa431ca8eddd031120e6370aa40fbe46044 /tools
parent	70995754416eb4491c31607fe380a83cfd25a087 (diff)