From: Christian Schoenebeck <[email protected]>
The other Trename and Trenameat handlers already reject "." and ".."
as new name on rename requests by returning -EISDIR in this case.
The legacy Twstat rename handler is missing this validation. While passing
"." or ".." does not trigger a crash as fixed by the previous patch (since
the fs backend driver's system calls handle these gracefully), it creates
a behavioral inconsistency, as it is semantically meaningless to rename a
file to a directory reference in the first place.
Fix this by rejecting "." and ".." in Twstat rename handler with -EISDIR
to match behavior of Trename and Trenameat handlers.
Fixes: 8cf89e007a ("virtio-9p: Add P9_TWSTAT support")
Link:
https://lore.kernel.org/qemu-devel/662333331d371c6c343c8091161de8eaa121880e.1780072238.git.qemu_...@crudebyte.com
Signed-off-by: Christian Schoenebeck <[email protected]>
(cherry picked from commit 08750e31fcdccf5352dc3b44475ed5ba6bc80221)
Signed-off-by: Michael Tokarev <[email protected]>
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 0d58a5a74c..34ac2c3c9a 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3621,6 +3621,10 @@ static void coroutine_fn v9fs_wstat(void *opaque)
err = -ENOENT;
goto out;
}
+ if (!strcmp(".", v9stat.name.data) || !strcmp("..", v9stat.name.data))
{
+ err = -EISDIR;
+ goto out;
+ }
v9fs_path_write_lock(s);
err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name);
--
2.47.3
