s3: smbd: Don't loop infinitely on bad-symlink resolution.
authorJeremy Allison <jra@samba.org>
Wed, 15 Feb 2017 23:42:52 +0000 (15:42 -0800)
committerJeremy Allison <jra@samba.org>
Thu, 16 Feb 2017 17:14:20 +0000 (18:14 +0100)
commit10c3e3923022485c720f322ca4f0aca5d7501310
tree72744ada62b61007c04b1506014752101471d8a4
parent295f757fe16d508368095936a8d3cba096bceb5d
s3: smbd: Don't loop infinitely on bad-symlink resolution.

In the FILE_OPEN_IF case we have O_CREAT, but not
O_EXCL. Previously we went into a loop trying first
~(O_CREAT|O_EXCL), and if that returned ENOENT
try (O_CREAT|O_EXCL). We kept looping indefinately
until we got an error, or the file was created or
opened.

The big problem here is dangling symlinks. Opening
without O_NOFOLLOW means both bad symlink
and missing path return -1, ENOENT from open(). As POSIX
is pathname based it's not possible to tell
the difference between these two cases in a
non-racy way, so change to try only two attempts before
giving up.

We don't have this problem for the O_NOFOLLOW
case as we just return NT_STATUS_OBJECT_PATH_NOT_FOUND
mapped from the ELOOP POSIX error and immediately
returned.

Unroll the loop logic to two tries instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12572

Pair-programmed-with: Ralph Boehme <slow@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/smbd/open.c