Re: Feature (bug) in access() and/or /hurd/auth

Thu, 31 Jan 2002 11:18:34 -0800 

On Wed, Jan 30, 2002 at 12:32:17PM -0700, Jon Arney wrote:
> In __hurd_file_name_lookup_retry, there seems to be a test for recursion
> in the form of:
> 
>       switch (doretry)
>         {
>         case FS_RETRY_REAUTH:
>           if (err = reauthenticate (*result))
>             return err;
>           /* Fall through.  */
> 
>         case FS_RETRY_NORMAL:
> #ifdef SYMLOOP_MAX
>           if (nloops++ >= SYMLOOP_MAX)
>             return ELOOP;
> #endif
> ---SNIP---
>       break;
>         case FS_RETRY_MAGICAL:
> 
> Herein lies the problem as I read it.  The first case is covered by the
> ELOOP check since it's a 'fall through' and the second case is covered.
> Any other cases (for instance FS_RETRY_MAGICAL) are not covered by this
> test.

This seems to be an old version of the code.  See this fix, which is in
current CVS:

2001-05-19  Roland McGrath  <[EMAIL PROTECTED]>

        * hurd/hurdlookup.c (__hurd_file_name_lookup_retry): Don't leak the
        result port when failing with ELOOP.  Do the ELOOP check when
        following an absolute symlink target as well as relative.
        Remove #ifdef SYMLOOP_MAX conditional--it should always be defined.

diff -u -r1.47 -r1.48
--- libc/hurd/hurdlookup.c      1999/11/13 23:52:13     1.47
+++ libc/hurd/hurdlookup.c      2001/05/20 02:27:44     1.48
@@ -1,4 +1,4 @@
-/* Copyright (C) 1992, 93, 94, 95, 96, 97, 99 Free Software Foundation,
Inc.
+/* Copyright (C) 1992,93,94,95,96,97,99,2001 Free Software Foundation, Inc.
    This file is part of the GNU C Library.

    The GNU C Library is free software; you can redistribute it and/or
@@ -164,10 +164,11 @@
          /* Fall through.  */

        case FS_RETRY_NORMAL:
-#ifdef SYMLOOP_MAX
          if (nloops++ >= SYMLOOP_MAX)
-           return ELOOP;
-#endif
+           {
+             __mach_port_deallocate (__mach_task_self (), *result);
+             return ELOOP;
+           }

          /* An empty RETRYNAME indicates we have the final port.  */
          if (retryname[0] == '\0' &&
@@ -240,6 +241,8 @@
              dirport = INIT_PORT_CRDIR;
              if (*result != MACH_PORT_NULL)
                __mach_port_deallocate (__mach_task_self (), *result);
+             if (nloops++ >= SYMLOOP_MAX)
+               return ELOOP;
              file_name = &retryname[1];
              break;

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED]
Marcus Brinkmann              GNU    http://www.gnu.org    [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd

Reply via email to