authorKaz Kylheku <kaz@kylheku.com>2022-07-30 16:06:04 -0700
committerKaz Kylheku <kaz@kylheku.com>2022-07-30 16:06:04 -0700
commit0fb37ef286f2a8a89ec1d7d1f184652177c53acc (patch)
tree39cf9b6fcc16e6a8786fb406232d5b99bc6e6829
parentb7ce697647dfe71a63c11ee065ddc6b2f1af91db (diff)
path-components-safe: check symlink link count.
* stdlib/path-test.tl (path-components-safe): Reject symlinks that have a link count not equal to one. This looks suspiciously like a hard link attack.
-rw-r--r--stdlib/path-test.tl5
1 files changed, 3 insertions, 2 deletions
diff --git a/stdlib/path-test.tl b/stdlib/path-test.tl
index 55b5e842..ceb83c3a 100644
--- a/stdlib/path-test.tl
+++ b/stdlib/path-test.tl
@@ -222,8 +222,9 @@
(if (> (inc count) 16)
(throwf 'file-error "~a: too many symbolic links"
'path-components-safe))
- (if (or (zerop st.uid)
- (eql st.uid (geteuid)))
+ (if (and (eql 1 st.nlink)
+ (or (zerop st.uid)
+ (eql st.uid (geteuid))))
(let* ((target (readlink nxpath))
(abs-p (abs-path-p target))
(tcomps (remqual "" (sspl path-sep-chars target))))
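Review bot: The new `(eql 1 st.nlink)` test at the top of the `if` carries no comment saying why a symlink with more than one link is refused, and it shares its else branch with the ownership test. That branch is outside the hunk, so this is inferred, but if it reports an ownership problem the diagnostic will mislead for a symlink that is owned by root or the caller and is rejected only for its link count. I would add `;; a symlink with extra hard links may have been linked here by another user, so its owner does not tell us who placed it` above the condition and give the link-count case its own `file-error` message. The check fails closed, so a legitimately hard-linked symlink is now rejected as well, which is worth stating in the documentation of `path-components-safe`. The enclosing form, including where `st` is obtained, starts and ends outside the hunk.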