nfsd4: readdirplus shouldn't return parent of export

mainline inclusion from mainline-v5.11 commit 51b2ee7d category: bugfix bugzilla: NA CVE: CVE-2021-3178 -------------------------------- If you export a subdirectory of a filesystem, a READDIRPLUS on the root of that export will return the filehandle of the parent with the ".." entry. The filehandle is optional, so let's just not return the filehandle for ".." if we're at the root of an export. Note that once the client learns one filehandle outside of the export, they can trivially access the rest of the export using further lookups. However, it is also not very difficult to guess filehandles outside of the export. So exporting a subdirectory of a filesystem should considered equivalent to providing access to the entire filesystem. To avoid confusion, we recommend only exporting entire filesystems. Reported-by: N Youjipeng <wangzhibei1999@gmail.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: N Chuck Lever <chuck.lever@oracle.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

nfsd4: readdirplus shouldn't return parent of export
mainline inclusion from mainline-v5.11 commit 51b2ee7d category: bugfix bugzilla: NA CVE: CVE-2021-3178 -------------------------------- If you export a subdirectory of a filesystem, a READDIRPLUS on the root of that export will return the filehandle of the parent with the ".." entry. The filehandle is optional, so let's just not return the filehandle for ".." if we're at the root of an export. Note that once the client learns one filehandle outside of the export, they can trivially access the rest of the export using further lookups. However, it is also not very difficult to guess filehandles outside of the export. So exporting a subdirectory of a filesystem should considered equivalent to providing access to the entire filesystem. To avoid confusion, we recommend only exporting entire filesystems. Reported-by: N Youjipeng <wangzhibei1999@gmail.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: N Chuck Lever <chuck.lever@oracle.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
726ae70a · J. Bruce Fields · Yang Yingliang · 55a9d836 · 726ae70a
隐藏空白更改
内联并排

Showing with 6 addition and 1 deletion

fs/nfsd/nfs3xdr.c fs/nfsd/nfs3xdr.c +6 -1

未找到文件。
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -844,9 +844,14 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
 	if (isdotent(name, namlen)) {
 		if (namlen == 2) {
 			dchild = dget_parent(dparent);
-			/* filesystem root - cannot return filehandle for ".." */
+			/*
+			 * Don't return filehandle for ".." if we're at
+			 * the filesystem or export root:
+			 */
 			if (dchild == dparent)
 				goto out;
+			if (dparent == exp->ex_path.dentry)
+				goto out;
 		} else
 			dchild = dget(dparent);
 	} else