commit 14bc0428c2124fdb34a1962b53309be60e3f5013
parent 6a0b8841e0de10197cdee99296d59160c7c238b7
Author: illiliti <illiliti@dimension.sh>
Date: Mon, 7 Aug 2023 05:24:13 +0300
os::exec+freebsd: only open() regular files
Continuation of 6e12e7dcc81f80a405fa5018b7ff572141cc4c61
Signed-off-by: illiliti <illiliti@dimension.sh>
Diffstat:
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/os/exec/exec+freebsd.ha b/os/exec/exec+freebsd.ha
@@ -68,12 +68,29 @@ fn open(path: str) (platform_cmd | error) = {
return errors::noaccess;
};
};
- match (rt::open(path, rt::O_RDONLY, 0u)) {
+ let fd = match (rt::open(path, rt::O_RDONLY, 0u)) {
case let fd: int =>
- return fd;
+ yield fd;
case let err: rt::errno =>
return errors::errno(err);
};
+ let success = false;
+ defer if (!success) rt::close(fd)!;
+ // Make sure we are not trying to execute anything weird. fstat()
+ // already dereferences symlinks, so if this is anything other than a
+ // regular file it cannot be executed.
+ let s = rt::st { ... };
+ match (rt::fstat(fd, &s)) {
+ case let err: rt::errno =>
+ return errors::errno(err);
+ case void =>
+ if (s.mode & rt::S_IFREG == 0) {
+ return errors::noaccess;
+ };
+ };
+ success = true;
+ return fd;
+
};
fn platform_finish(cmd: *command) void = rt::close(cmd.platform)!;
