finish_automount(): don't leak MNT_LOCKED from parent to child - kernel

diff options

author	Al Viro <[email protected]>	2025-05-04 17:28:37 +0000
committer	Al Viro <[email protected]>	2025-06-07 04:40:25 +0000
commit	bab77c0d191e241d2d59a845c7ed68bfa6e1b257 (patch)
tree	9621c3571a667b83ae3ed3b567417bbbbf059a8d /scripts/gcc-plugins/gcc-common.h
parent	path_overmount(): avoid false negatives (diff)
download	kernel-bab77c0d191e241d2d59a845c7ed68bfa6e1b257.tar.gz kernel-bab77c0d191e241d2d59a845c7ed68bfa6e1b257.zip

finish_automount(): don't leak MNT_LOCKED from parent to child

Intention for MNT_LOCKED had always been to protect the internal mountpoints within a subtree that got copied across the userns boundary, not the mountpoint that tree got attached to - after all, it _was_ exposed before the copying. For roots of secondary copies that is enforced in attach_recursive_mnt() - MNT_LOCKED is explicitly stripped for those. For the root of primary copy we are almost always guaranteed that MNT_LOCKED won't be there, so attach_recursive_mnt() doesn't bother. Unfortunately, one call chain got overlooked - triggering e.g. NFS referral will have the submount inherit the public flags from parent; that's fine for such things as read-only, nosuid, etc., but not for MNT_LOCKED. This is particularly pointless since the mount attached by finish_automount() is usually expirable, which makes any protection granted by MNT_LOCKED null and void; just wait for a while and that mount will go away on its own. Include MNT_LOCKED into the set of flags to be ignored by do_add_mount() - it really is an internal flag. Reviewed-by: Christian Brauner <[email protected]> Fixes: 5ff9d8a65ce8 ("vfs: Lock in place mounts from more privileged users") Signed-off-by: Al Viro <[email protected]>

Diffstat (limited to 'scripts/gcc-plugins/gcc-common.h')

0 files changed, 0 insertions, 0 deletions

/* key.c - Key objects. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GPGME; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #if HAVE_CONFIG_H #include <config.h> #endif #include <stdlib.h> #include <string.h> #include <assert.h> #include "util.h" #include "ops.h" #include "sema.h" /* Protects all reference counters in keys. All other accesses to a key are either read only or happen before the key is entered into the cache. */ DEFINE_STATIC_LOCK (key_ref_lock); /* Create a new key. */ GpgmeError _gpgme_key_new (GpgmeKey *r_key) { GpgmeKey key; key = calloc (1, sizeof *key); if (!key) return GPGME_Out_Of_Core; key->_refs = 1; *r_key = key; return 0; } GpgmeError _gpgme_key_add_subkey (GpgmeKey key, GpgmeSubkey *r_subkey) { GpgmeSubkey subkey; subkey = calloc (1, sizeof *subkey); if (!subkey) return GPGME_Out_Of_Core; subkey->keyid = subkey->_keyid; subkey->_keyid[16] = '\0'; if (!key->subkeys) key->subkeys = subkey; if (key->_last_subkey) key->_last_subkey->next = subkey; key->_last_subkey = subkey; *r_subkey = subkey; return 0; } static char * set_user_id_part (char *tail, const char *buf, size_t len) { while (len && (buf[len - 1] == ' ' || buf[len - 1] == '\t')) len--; for (; len; len--) *tail++ = *buf++; *tail++ = 0; return tail; } static void parse_user_id (char *src, char **name, char **email, char **comment, char *tail) { const char *start = NULL; int in_name = 0; int in_email = 0; int in_comment = 0; while (*src) { if (in_email) { if (*src == '<') /* Not legal but anyway. */ in_email++; else if (*src == '>') { if (!--in_email && !*email) { *email = tail; tail = set_user_id_part (tail, start, src - start); } } } else if (in_comment) { if (*src == '(') in_comment++; else if (*src == ')') { if (!--in_comment && !*comment) { *comment = tail; tail = set_user_id_part (tail, start, src - start); } } } else if (*src == '<') { if (in_name) { if (!*name) { *name = tail; tail = set_user_id_part (tail, start, src - start); } in_name = 0; } in_email = 1; start = src + 1; } else if (*src == '(') { if (in_name) { if (!*name) { *name = tail; tail = set_user_id_part (tail, start, src - start); } in_name = 0; } in_comment = 1; start = src + 1; } else if (!in_name && *src != ' ' && *src != '\t') { in_name = 1; start = src; } src++; } if (in_name) { if (!*name) { *name = tail; tail = set_user_id_part (tail, start, src - start); } } /* Let unused parts point to an EOS. */ tail--; if (!*name) *name = tail; if (!*email) *email = tail; if (!*comment) *comment = tail; } static void parse_x509_user_id (char *src, char **name, char **email, char **comment, char *tail) { if (*src == '<' && src[strlen (src) - 1] == '>') *email = src; /* Let unused parts point to an EOS. */ tail--; if (!*name) *name = tail; if (!*email) *email = tail; if (!*comment) *comment = tail; } /* Take a name from the --with-colon listing, remove certain escape sequences sequences and put it into the list of UIDs. */ GpgmeError _gpgme_key_append_name (GpgmeKey key, char *src) { GpgmeUserID uid; char *dst; int src_len = strlen (src); assert (key); /* We can malloc a buffer of the same length, because the converted string will never be larger. Actually we allocate it twice the size, so that we are able to store the parsed stuff there too. */ uid = malloc (sizeof (*uid) + 2 * src_len + 3); if (!uid) return GPGME_Out_Of_Core; memset (uid, 0, sizeof *uid); uid->uid = ((char *) uid) + sizeof (*uid); dst = uid->uid; _gpgme_decode_c_string (src, &dst, src_len + 1); dst += src_len + 1; if (key->protocol == GPGME_PROTOCOL_CMS) parse_x509_user_id (uid->uid, &uid->name, &uid->email, &uid->comment, dst); else parse_user_id (uid->uid, &uid->name, &uid->email, &uid->comment, dst); if (!key->uids) key->uids = uid; if (key->_last_uid) key->_last_uid->next = uid; key->_last_uid = uid; return 0; } GpgmeKeySig _gpgme_key_add_sig (GpgmeKey key, char *src) { int src_len = src ? strlen (src) : 0; GpgmeUserID uid; GpgmeKeySig sig; assert (key); /* XXX */ uid = key->_last_uid; assert (uid); /* XXX */ /* We can malloc a buffer of the same length, because the converted string will never be larger. Actually we allocate it twice the size, so that we are able to store the parsed stuff there too. */ sig = calloc (1, sizeof (*sig) + 2 * src_len + 3); if (!sig) return NULL; sig->keyid = sig->_keyid; sig->_keyid[16] = '\0'; sig->uid = ((char *) sig) + sizeof (*sig); if (src) { char *dst = sig->uid; _gpgme_decode_c_string (src, &dst, src_len + 1); dst += src_len + 1; if (key->protocol == GPGME_PROTOCOL_CMS) parse_x509_user_id (sig->uid, &sig->name, &sig->email, &sig->comment, dst); else parse_user_id (sig->uid, &sig->name, &sig->email, &sig->comment, dst); } if (!uid->signatures) uid->signatures = sig; if (uid->_last_keysig) uid->_last_keysig->next = sig; uid->_last_keysig = sig; return sig; } /* Acquire a reference to KEY. */ void gpgme_key_ref (GpgmeKey key) { LOCK (key_ref_lock); key->_refs++; UNLOCK (key_ref_lock); } /* gpgme_key_unref releases the key object. Note, that this function may not do an actual release if there are other shallow copies of the objects. You have to call this function for every newly created key object as well as for every gpgme_key_ref() done on the key object. */ void gpgme_key_unref (GpgmeKey key) { GpgmeUserID uid; GpgmeSubkey subkey; LOCK (key_ref_lock); assert (key->_refs > 0); if (--key->_refs) { UNLOCK (key_ref_lock); return; } UNLOCK (key_ref_lock); subkey = key->subkeys; while (subkey) { GpgmeSubkey next = subkey->next; if (subkey->fpr) free (subkey->fpr); free (subkey); subkey = next; } uid = key->uids; while (uid) { GpgmeUserID next_uid = uid->next; GpgmeKeySig keysig = uid->signatures; while (keysig) { GpgmeKeySig next = keysig->next; free (keysig); keysig = next; } free (uid); uid = next_uid; } if (key->issuer_serial) free (key->issuer_serial); if (key->issuer_name) free (key->issuer_name); if (key->chain_id) free (key->chain_id); free (key); } /* Compatibility interfaces. */ void gpgme_key_release (GpgmeKey key) { gpgme_key_unref (key); } static const char * otrust_to_string (int otrust) { switch (otrust) { case GPGME_VALIDITY_NEVER: return "n"; case GPGME_VALIDITY_MARGINAL: return "m"; case GPGME_VALIDITY_FULL: return "f"; case GPGME_VALIDITY_ULTIMATE: return "u"; default: return "?"; } } static const char * validity_to_string (int validity) { switch (validity) { case GPGME_VALIDITY_UNDEFINED: return "q"; case GPGME_VALIDITY_NEVER: return "n"; case GPGME_VALIDITY_MARGINAL: return "m"; case GPGME_VALIDITY_FULL: return "f"; case GPGME_VALIDITY_ULTIMATE: return "u"; case GPGME_VALIDITY_UNKNOWN: default: return "?"; } } static const char * capabilities_to_string (GpgmeSubkey subkey) { static const char *const strings[8] = { "", "c", "s", "sc", "e", "ec", "es", "esc" }; return strings[(!!subkey->can_encrypt << 2) | (!!subkey->can_sign << 1) | (!!subkey->can_certify)]; } /* Return the value of the attribute WHAT of ITEM, which has to be representable by a string. */ const char * gpgme_key_get_string_attr (GpgmeKey key, GpgmeAttr what, const void *reserved, int idx) { GpgmeSubkey subkey; GpgmeUserID uid; int i; if (!key || reserved || idx < 0) return NULL; /* Select IDXth subkey. */ subkey = key->subkeys; for (i = 0; i < idx; i++) { subkey = subkey->next; if (!subkey) break; } /* Select the IDXth user ID. */ uid = key->uids; for (i = 0; i < idx; i++) { uid = uid->next; if (!uid) break; } switch (what) { case GPGME_ATTR_KEYID: return subkey ? subkey->keyid : NULL; case GPGME_ATTR_FPR: return subkey ? subkey->fpr : NULL; case GPGME_ATTR_ALGO: return subkey ? gpgme_pubkey_algo_name (subkey->pubkey_algo) : NULL; case GPGME_ATTR_TYPE: return key->protocol == GPGME_PROTOCOL_CMS ? "X.509" : "PGP"; case GPGME_ATTR_OTRUST: return otrust_to_string (key->owner_trust); case GPGME_ATTR_USERID: return uid ? uid->uid : NULL; case GPGME_ATTR_NAME: return uid ? uid->name : NULL; case GPGME_ATTR_EMAIL: return uid ? uid->email : NULL; case GPGME_ATTR_COMMENT: return uid ? uid->comment : NULL; case GPGME_ATTR_VALIDITY: return uid ? validity_to_string (uid->validity) : NULL; case GPGME_ATTR_KEY_CAPS: return subkey ? capabilities_to_string (subkey) : NULL; case GPGME_ATTR_SERIAL: return key->issuer_serial; case GPGME_ATTR_ISSUER: return idx ? NULL : key->issuer_name; case GPGME_ATTR_CHAINID: return key->chain_id; default: return NULL; } } unsigned long gpgme_key_get_ulong_attr (GpgmeKey key, GpgmeAttr what, const void *reserved, int idx) { GpgmeSubkey subkey; GpgmeUserID uid; int i; if (!key || reserved || idx < 0) return 0; /* Select IDXth subkey. */ subkey = key->subkeys; for (i = 0; i < idx; i++) { subkey = subkey->next; if (!subkey) break; } /* Select the IDXth user ID. */ uid = key->uids; for (i = 0; i < idx; i++) { uid = uid->next; if (!uid) break; } switch (what) { case GPGME_ATTR_ALGO: return subkey ? (unsigned long) subkey->pubkey_algo : 0; case GPGME_ATTR_LEN: return subkey ? (unsigned long) subkey->length : 0; case GPGME_ATTR_TYPE: return key->protocol == GPGME_PROTOCOL_CMS ? 1 : 0;


context:
space:
mode: