filecopy: really do not use O_TMPFILE when use_tmpfile==0
When file opened with O_TMPFILE but use_tmpfile==0, the file will not be linked to the directory (the code at the end of process_one_file_reg). Additionally it is waste of time trying using O_TMPFILE when it's already known it shouldn't be. Also use_tmpfile==0 can mean we don't have access to /proc (set_procfs_fd wasn't called), so even if linking the file to its directory would be attempted, it would fail. This is the case for dom0-updates copy.
This commit is contained in:
parent
b0fe4d5868
commit
7607b45eae
@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
|
|||||||
const char *untrusted_name)
|
const char *untrusted_name)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
int fdout;
|
int fdout = -1;
|
||||||
|
|
||||||
/* make the file inaccessible until fully written */
|
/* make the file inaccessible until fully written */
|
||||||
fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
|
if (use_tmpfile) {
|
||||||
if (fdout < 0 && errno==ENOENT) {
|
fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
|
||||||
/* if it fails, do not attempt further use - most likely kernel too old */
|
if (fdout < 0 && errno==ENOENT) {
|
||||||
use_tmpfile = 0;
|
/* if it fails, do not attempt further use - most likely kernel too old */
|
||||||
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
|
use_tmpfile = 0;
|
||||||
|
} else
|
||||||
|
do_exit(errno, untrusted_name);
|
||||||
}
|
}
|
||||||
|
if (fdout < 0)
|
||||||
|
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
|
||||||
if (fdout < 0)
|
if (fdout < 0)
|
||||||
do_exit(errno, untrusted_name);
|
do_exit(errno, untrusted_name);
|
||||||
/* sizes are signed elsewhere */
|
/* sizes are signed elsewhere */
|
||||||
|
Loading…
Reference in New Issue
Block a user