copy: put a depth limit on copying file system trees recursively
This is a safety net against bind mount cycles, as such pick it relatively high at 2048 for now. As suggested by @filbranden on #9213
This commit is contained in:
parent
f6a77804c9
commit
575a07d2dc
|
@ -37,7 +37,12 @@
|
|||
#include "user-util.h"
|
||||
#include "xattr-util.h"
|
||||
|
||||
#define COPY_BUFFER_SIZE (16*1024u)
|
||||
#define COPY_BUFFER_SIZE (16U*1024U)
|
||||
|
||||
/* A safety net for descending recursively into file system trees to copy. On Linux PATH_MAX is 4096, which means the
|
||||
* deepest valid path one can build is around 2048, which we hence use as a safety net here, to not spin endlessly in
|
||||
* case of bind mount cycles and suchlike. */
|
||||
#define COPY_DEPTH_MAX 2048U
|
||||
|
||||
static ssize_t try_copy_file_range(
|
||||
int fd_in, loff_t *off_in,
|
||||
|
@ -480,6 +485,7 @@ static int fd_copy_directory(
|
|||
int dt,
|
||||
const char *to,
|
||||
dev_t original_device,
|
||||
unsigned depth_left,
|
||||
uid_t override_uid,
|
||||
gid_t override_gid,
|
||||
CopyFlags copy_flags) {
|
||||
|
@ -493,6 +499,9 @@ static int fd_copy_directory(
|
|||
assert(st);
|
||||
assert(to);
|
||||
|
||||
if (depth_left == 0)
|
||||
return -ENAMETOOLONG;
|
||||
|
||||
if (from)
|
||||
fdf = openat(df, from, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
|
||||
else
|
||||
|
@ -546,7 +555,9 @@ static int fd_copy_directory(
|
|||
* • The main reason we do this check at all is to protect ourselves from bind mount cycles,
|
||||
* where we really want to avoid descending down in all eternity. However the .st_dev check
|
||||
* is usually not sufficient for this protection anyway, as bind mount cycles from the same
|
||||
* file system onto itself can't be detected that way.
|
||||
* file system onto itself can't be detected that way. (Note we also do a recursion depth
|
||||
* check, which is probably the better protection in this regard, which is why
|
||||
* COPY_SAME_MOUNT is optional).
|
||||
*/
|
||||
|
||||
if (FLAGS_SET(copy_flags, COPY_SAME_MOUNT)) {
|
||||
|
@ -560,7 +571,7 @@ static int fd_copy_directory(
|
|||
continue;
|
||||
}
|
||||
|
||||
q = fd_copy_directory(dirfd(d), de->d_name, &buf, fdt, de->d_name, original_device, override_uid, override_gid, copy_flags);
|
||||
q = fd_copy_directory(dirfd(d), de->d_name, &buf, fdt, de->d_name, original_device, depth_left-1, override_uid, override_gid, copy_flags);
|
||||
} else if (S_ISREG(buf.st_mode))
|
||||
q = fd_copy_regular(dirfd(d), de->d_name, &buf, fdt, de->d_name, override_uid, override_gid, copy_flags);
|
||||
else if (S_ISLNK(buf.st_mode))
|
||||
|
@ -612,7 +623,7 @@ int copy_tree_at(int fdf, const char *from, int fdt, const char *to, uid_t overr
|
|||
if (S_ISREG(st.st_mode))
|
||||
return fd_copy_regular(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
|
||||
else if (S_ISDIR(st.st_mode))
|
||||
return fd_copy_directory(fdf, from, &st, fdt, to, st.st_dev, override_uid, override_gid, copy_flags);
|
||||
return fd_copy_directory(fdf, from, &st, fdt, to, st.st_dev, COPY_DEPTH_MAX, override_uid, override_gid, copy_flags);
|
||||
else if (S_ISLNK(st.st_mode))
|
||||
return fd_copy_symlink(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
|
||||
else if (S_ISFIFO(st.st_mode))
|
||||
|
@ -639,7 +650,7 @@ int copy_directory_fd(int dirfd, const char *to, CopyFlags copy_flags) {
|
|||
if (!S_ISDIR(st.st_mode))
|
||||
return -ENOTDIR;
|
||||
|
||||
return fd_copy_directory(dirfd, NULL, &st, AT_FDCWD, to, st.st_dev, UID_INVALID, GID_INVALID, copy_flags);
|
||||
return fd_copy_directory(dirfd, NULL, &st, AT_FDCWD, to, st.st_dev, COPY_DEPTH_MAX, UID_INVALID, GID_INVALID, copy_flags);
|
||||
}
|
||||
|
||||
int copy_directory(const char *from, const char *to, CopyFlags copy_flags) {
|
||||
|
@ -654,7 +665,7 @@ int copy_directory(const char *from, const char *to, CopyFlags copy_flags) {
|
|||
if (!S_ISDIR(st.st_mode))
|
||||
return -ENOTDIR;
|
||||
|
||||
return fd_copy_directory(AT_FDCWD, from, &st, AT_FDCWD, to, st.st_dev, UID_INVALID, GID_INVALID, copy_flags);
|
||||
return fd_copy_directory(AT_FDCWD, from, &st, AT_FDCWD, to, st.st_dev, COPY_DEPTH_MAX, UID_INVALID, GID_INVALID, copy_flags);
|
||||
}
|
||||
|
||||
int copy_file_fd(const char *from, int fdt, CopyFlags copy_flags) {
|
||||
|
|
Loading…
Reference in a new issue