mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-11 05:52:36 +02:00
@@ -691,6 +691,10 @@ rootfs(void)
|
||||
}
|
||||
|
||||
/* filesystem sandboxing in userspace
|
||||
* TODO:
|
||||
missing length bound check.
|
||||
potential CPU DoS on very long paths, spammed repeatedly.
|
||||
perhaps cap at PATH_LEN?
|
||||
*/
|
||||
int
|
||||
fs_resolve_at(int dirfd, const char *path, int flags)
|
||||
@@ -754,6 +758,15 @@ err:
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* NOTE:
|
||||
rejects . and .. but not empty strings
|
||||
after normalisation. edge case:
|
||||
//////
|
||||
|
||||
normalised implicitly, but might be good
|
||||
to add a defensive check regardless. code
|
||||
probably not exploitable in current state.
|
||||
*/
|
||||
int
|
||||
fs_next_component(const char **p,
|
||||
char *name, size_t namesz)
|
||||
|
||||
@@ -821,6 +821,12 @@ err:
|
||||
}
|
||||
#endif
|
||||
|
||||
/* TODO: potential infinite loop under entropy failure.
|
||||
* e.g. keeps returning low quality RNG, or atacker
|
||||
* has control (DoS attack potential).
|
||||
* possible solution: add a timeout (and abort if
|
||||
* the timeout is reached)
|
||||
*/
|
||||
int
|
||||
mkhtemp_fill_random(char *p, size_t xc)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user