diff options
author | Rich Felker <dalias@aerifal.cx> | 2019-02-07 12:51:02 -0500 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2019-02-07 12:51:02 -0500 |
commit | 042b3ee452f542e0e16d847f90777e8c3a012375 (patch) | |
tree | 906be6630f8838a9c3fd1b10beb31f01cc712cb9 /src/dirent/fdopendir.c | |
parent | 1dd915c37090b32a6220488f99ce0f9be86eb46d (diff) | |
download | musl-042b3ee452f542e0e16d847f90777e8c3a012375.tar.gz musl-042b3ee452f542e0e16d847f90777e8c3a012375.tar.xz musl-042b3ee452f542e0e16d847f90777e8c3a012375.zip |
fail fdopendir for O_PATH file descriptors
fdopendir is specified to fail with EBADF if the file descriptor passed is not open for reading. while O_PATH is an extension and arguably exempt from this requirement, it's used, albeit incompletely, to implement O_SEARCH, and fdopendir should fail when passed an O_SEARCH file descriptor. the new check is performed after fstat so that we don't have to consider the possibility that the fd is invalid. an alternate solution would be attempting to pre-fill the buffer using getdents, which would fail with EBADF for us, but that seems more complex and error-prone and involves either code duplication or refactoring, so the simple fix with an additional inexpensive syscall is what I've made for now.
Diffstat (limited to 'src/dirent/fdopendir.c')
-rw-r--r-- | src/dirent/fdopendir.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/dirent/fdopendir.c b/src/dirent/fdopendir.c index c377271d..d78fb87f 100644 --- a/src/dirent/fdopendir.c +++ b/src/dirent/fdopendir.c @@ -13,6 +13,10 @@ DIR *fdopendir(int fd) if (fstat(fd, &st) < 0) { return 0; } + if (fcntl(fd, F_GETFL) & O_PATH) { + errno = EBADF; + return 0; + } if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return 0; |