From 502436f9fc240b435879af4f6d6dbc05a3bcd7b7 Mon Sep 17 00:00:00 2001
From: Max Wipfli
Date: Mon, 5 Jul 2021 18:03:54 +0200
Subject: [PATCH] Kernel: Stricter path checking in validate_path_against_process_veil

This change enforces that paths passed to VFS::validate_path_against_process_veil are absolute and do not contain any '..' or '.' parts. We should VERIFY here instead of returning EINVAL since the code that calls this should resolve non-canonical paths before calling this function.
---
 Kernel/FileSystem/VirtualFileSystem.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index 3843f6d8f8..dcf8abe19a 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -852,9 +852,9 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options)
 if (path == "/usr/lib/Loader.so")
 return KSuccess;
 
- // FIXME: Figure out a nicer way to do this.
- if (String(path).contains("/.."))
- return EINVAL;
+ VERIFY(path.starts_with('/'));
+ VERIFY(!path.contains("/../"sv) && !path.ends_with("/.."sv));
+ VERIFY(!path.contains("/./"sv) && !path.ends_with("/."sv));
 
 auto& unveiled_path = find_matching_unveiled_path(path);
 if (unveiled_path.permissions() == UnveilAccess::None) {
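Review bot: A caller that lets a relative or non-canonical path reach the three added `VERIFY` lines now trips a kernel assertion where the removed code returned `EINVAL`, so the veil check is only as safe as the canonicalisation done by every caller. None of those callers are visible in this hunk, and the function body starts and ends outside it, so each call site that can carry a userspace-supplied path should be confirmed to resolve it first. The precondition deserves a comment directly above the assertions, for example `// Precondition: path is absolute and canonical; callers resolve '.'/'..' first. A violation is a kernel bug, not a user error.`. The assertions also leave other non-canonical forms unchecked, such as repeated slashes or a trailing slash; if `find_matching_unveiled_path` compares paths textually (not visible here), those may be worth asserting as well.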