added test and fix for fallback path regression#996
Open
tridge wants to merge 2 commits into
Open
Conversation
… -L/-k) The portable per-component O_NOFOLLOW walk in secure_relative_open() refused every symlink, so on a fallback platform (the BSDs / Solaris / Cygwin, or a Linux build configured --disable-openat2) a daemon SENDER serving a module that contains an in-tree directory symlink could not dereference it for --copy-links (-L) / --copy-dirlinks (-k): the stat of "dir_link/a.txt" through the in-tree "dir_link -> dir" symlink failed, so the transfer exited 23 (or, for an -L pull, exited 0 while silently dropping the symlinked content). v3.4.x and a RESOLVE_BENEATH 3.5 (openat2 / FreeBSD 13+ / macOS 15+) follow it; this was RED only on the fallback platforms. Same root cause and fix as the local -K (keep-dirlinks) and -aR (relative symlinked parent) regressions: resolve the path on a dirfd stack that follows in-tree directory symlinks (a symlink target's ".." pops back to the pinned parent fd, never above the anchor; absolute targets and a 40-hop overrun are refused), matching RESOLVE_BENEATH while keeping the leaf under O_NOFOLLOW. The "openat(O_DIRECTORY|O_NOFOLLOW) refused -- maybe a symlink, read the target" probe keys on ELOOP/ENOTDIR, but NetBSD and OpenBSD report EFTYPE for an O_NOFOLLOW-refused symlink, so EFTYPE (guarded by #ifdef, a BSD-ism) is treated the same way -- without it those platforms would not follow the symlink either. t_chmod_secure scenario A asserted the old fallback rejection of an in-tree dir-symlink; it now expects the symlink to be followed (the escape case, scenario B, is still rejected).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a test for a regression found by a new A/B regression test utility I am working. I ran the tester on 3.4.2 versus 3.4.3 and it found a edge case regression in the fix for CVE-2026-29518.
This PR includes both the test for the regression and a fix that mirrors the behavior of RESOLVE_BENEATH on systems that don't have it