path-components-safe: check symlink link count.

* stdlib/path-test.tl (path-components-safe): Reject symlinks that have a link count not equal to one. This looks suspiciously like a hard link attack.
author: Kaz Kylheku <kaz@kylheku.com> 2022-07-30 16:06:04 -0700
committer: Kaz Kylheku <kaz@kylheku.com> 2022-07-30 16:06:04 -0700
commit: 01e1dc8af54375c50e2cf8889a58a781b42bcae3 (patch)
tree: 39cf9b6fcc16e6a8786fb406232d5b99bc6e6829
parent: 49255506f37ba61514c55b2f8bd6515ba1cae3c3 (diff)
download: txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.gz
txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.bz2
txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/stdlib/path-test.tl b/stdlib/path-test.tl
index 55b5e842..ceb83c3a 100644
--- a/stdlib/path-test.tl
+++ b/stdlib/path-test.tl
@@ -222,8 +222,9 @@
                (if (> (inc count) 16)
                  (throwf 'file-error "~a: too many symbolic links"
                          'path-components-safe))
-               (if (or (zerop st.uid)
-                       (eql st.uid (geteuid)))
+               (if (and (eql 1 st.nlink)
+                        (or (zerop st.uid)
+                            (eql st.uid (geteuid))))
                  (let* ((target (readlink nxpath))
                         (abs-p (abs-path-p target))
                         (tcomps (remqual "" (sspl path-sep-chars target))))
author	Kaz Kylheku <kaz@kylheku.com>	2022-07-30 16:06:04 -0700
committer	Kaz Kylheku <kaz@kylheku.com>	2022-07-30 16:06:04 -0700
commit	01e1dc8af54375c50e2cf8889a58a781b42bcae3 (patch)
tree	39cf9b6fcc16e6a8786fb406232d5b99bc6e6829
parent	49255506f37ba61514c55b2f8bd6515ba1cae3c3 (diff)
download	txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.gz txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.bz2 txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.zip