diff options
author | Kaz Kylheku <kaz@kylheku.com> | 2022-07-30 16:06:04 -0700 |
---|---|---|
committer | Kaz Kylheku <kaz@kylheku.com> | 2022-07-30 16:06:04 -0700 |
commit | 01e1dc8af54375c50e2cf8889a58a781b42bcae3 (patch) | |
tree | 39cf9b6fcc16e6a8786fb406232d5b99bc6e6829 | |
parent | 49255506f37ba61514c55b2f8bd6515ba1cae3c3 (diff) | |
download | txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.gz txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.tar.bz2 txr-01e1dc8af54375c50e2cf8889a58a781b42bcae3.zip |
path-components-safe: check symlink link count.
* stdlib/path-test.tl (path-components-safe): Reject symlinks
that have a link count not equal to one. This looks
suspiciously like a hard link attack.
-rw-r--r-- | stdlib/path-test.tl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/stdlib/path-test.tl b/stdlib/path-test.tl index 55b5e842..ceb83c3a 100644 --- a/stdlib/path-test.tl +++ b/stdlib/path-test.tl @@ -222,8 +222,9 @@ (if (> (inc count) 16) (throwf 'file-error "~a: too many symbolic links" 'path-components-safe)) - (if (or (zerop st.uid) - (eql st.uid (geteuid))) + (if (and (eql 1 st.nlink) + (or (zerop st.uid) + (eql st.uid (geteuid)))) (let* ((target (readlink nxpath)) (abs-p (abs-path-p target)) (tcomps (remqual "" (sspl path-sep-chars target)))) |