X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbasic%2Frm-rf.c;fp=src%2Fbasic%2Frm-rf.c;h=565f240e120d0e6750eda66ffc91a0706fb616b1;hb=99b26b4267937bb2f77f964b8e72038f6e90d6da;hp=94c67bae330ce067cfbdd6a0c013bf8cdcb9b425;hpb=6179ccf82559f78ee6526452d6052b4a964f7f3b;p=elogind.git

diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
index 94c67bae3..565f240e1 100644
--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
@@ -190,6 +190,13 @@ int rm_rf(const char *path, RemoveFlags flags) {
         }
 
 #if 0 /// elogind does not support BTRFS this directly
+        /* Another safe-check. Removing "/path/.." could easily remove entire root as well.
+         * It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob()
+         * function expands to both "/path/." and "/path/..".
+         * Return -EINVAL to be consistent with rmdir("/path/."). */
+        if (endswith(path, "/..") || endswith(path, "/../"))
+                return -EINVAL;
+
         if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) {
                 /* Try to remove as subvolume first */
                 r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);