From 74dd7c97ea2ab08b41925ab2f472db573accda89 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 9 Oct 2018 23:32:41 -0400 Subject: [Backport 74dd7c97ea2a] ecryptfs_rename(): verify that lower dentries are still OK after lock_rename() We get lower layer dentries, find their parents, do lock_rename() and proceed to vfs_rename(). However, we do not check that dentries still have the same parents and are not unlinked. Need to check that... Signed-off-by: Al Viro --- src/inode.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/inode.c b/src/inode.c index 49121e5a8de228acfb1ea126250e5ad94e4ec812..5c36ceecb5c12828ceb84a39d19c86b69713b937 100644 --- a/src/inode.c +++ b/src/inode.c @@ -593,11 +593,16 @@ ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry, lower_new_dir_dentry = dget_parent(lower_new_dentry); target_inode = d_inode(new_dentry); trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); + rc = -EINVAL; + if (lower_old_dentry->d_parent != lower_old_dir_dentry) + goto out_lock; + if (lower_new_dentry->d_parent != lower_new_dir_dentry) + goto out_lock; + if (d_unhashed(lower_old_dentry) || d_unhashed(lower_new_dentry)) + goto out_lock; /* source should not be ancestor of target */ - if (trap == lower_old_dentry) { - rc = -EINVAL; + if (trap == lower_old_dentry) goto out_lock; - } /* target should not be ancestor of source */ if (trap == lower_new_dentry) { rc = -ENOTEMPTY; -- 2.31.1