From 01e1dc8af54375c50e2cf8889a58a781b42bcae3 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Sat, 30 Jul 2022 16:06:04 -0700
Subject: path-components-safe: check symlink link count.

* stdlib/path-test.tl (path-components-safe): Reject symlinks
that have a link count not equal to one. This looks
suspiciously like a hard link attack.
---
 stdlib/path-test.tl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'stdlib/path-test.tl')

diff --git a/stdlib/path-test.tl b/stdlib/path-test.tl
index 55b5e842..ceb83c3a 100644
--- a/stdlib/path-test.tl
+++ b/stdlib/path-test.tl
@@ -222,8 +222,9 @@
                (if (> (inc count) 16)
                  (throwf 'file-error "~a: too many symbolic links"
                          'path-components-safe))
-               (if (or (zerop st.uid)
-                       (eql st.uid (geteuid)))
+               (if (and (eql 1 st.nlink)
+                        (or (zerop st.uid)
+                            (eql st.uid (geteuid))))
                  (let* ((target (readlink nxpath))
                         (abs-p (abs-path-p target))
                         (tcomps (remqual "" (sspl path-sep-chars target))))
-- 
cgit v1.2.3