author | Mike Gilbert <floppym@gentoo.org> | 2024-01-08 14:59:35 -0500 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2024-01-08 15:04:09 -0500 |
commit | ef9208bea4e0f0dff5abf358002565f36e4d7a8d (patch) | |
tree | 1659b3aac87b4f0d87f4cd80c4e4befd3c061889 | |
parent | src: fix -Wold-style-declaration (diff) | |

libsandbox: stat the original path for EEXIST hackaround

Resolves an issue that can occur with paths that contain parent
directory references (/../).

If part of the path does not exist, the sandboxed program should get ENOENT,
not EEXIST. If we use the canonicalized path, intermediate paths will be
eliminated and we produce the wrong result.

Bug: https://bugs.gentoo.org/921581
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

-rw-r--r-- | libsandbox/pre_check_mkdirat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c index b1e86cf..49c382a 100644 --- a/libsandbox/pre_check_mkdirat.c +++ b/libsandbox/pre_check_mkdirat.c @@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) * will trigger a sandbox violation. */ struct stat64 st; - if (0 == lstat64(canonic, &st)) { + if (0 == lstat64(pathname, &st)) { int new_errno; sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n", func, pathname, canonic, strerror(errno)); |
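
Review bot: the new `lstat64(pathname, &st)` call ignores the `dirfd` argument that `sb_mkdirat_pre_check` receives, so for a relative `pathname` with a `dirfd` other than `AT_FDCWD` the existence probe resolves against the current working directory instead of the directory the caller's mkdirat will use, and the early-fail result can describe a different file. Unless `pathname` has already been made absolute earlier in the function (not visible in this hunk), consider `fstatat64(dirfd, pathname, &st, AT_SYMLINK_NOFOLLOW)` here, which keeps the lstat semantics while honouring `dirfd`. A regression test that calls mkdirat with a real directory fd and a relative path containing `/../` would cover both the ENOENT case from the commit message and this one.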