xdg-document-portal: Honour O_NOFOLLOW on open

Resolve the symlink from /proc before opening See flatpak#1117 Signed-off-by: Hubert Figuière <[email protected]>
hfiguiere · Nov 14, 2023 · 0f327ce · 0f327ce
1 parent eff3a85
commit 0f327ce
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/document-portal/document-portal-fuse.c b/document-portal/document-portal-fuse.c
@@ -1,5 +1,6 @@
 /*
  * Copyright © 2018 Red Hat, Inc
+ * Copyright © 2023 GNOME Foundation Inc.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -16,6 +17,7 @@
  *
  * Authors:
  *       Alexander Larsson <[email protected]>
+ *       Hubert Figuière <[email protected]>
  */
 
 #include "config.h"
@@ -1897,7 +1899,26 @@ xdp_fuse_open (fuse_req_t req,
     return;
 
   path = fd_to_path (inode->physical->fd);
-  fd = open (path, open_flags, 0);
+  if (open_flags & O_NOFOLLOW)
+    {
+      ssize_t res;
+      char actual_path[PATH_MAX];
+      /*
+       * `path` is a path to the fd entry in `/proc`, which is a symlink
+       * to the actual file. Opening it directly with `O_NOFOLLOW` will
+       * fail. So we should resolve it first then we can honour the no
+       * follow flag.
+       */
+      res = readlink (path, actual_path, sizeof (actual_path));
+      if (res == sizeof (actual_path))
+        return xdp_reply_err (op, req, ENAMETOOLONG);
+      if (res < 0)
+        return xdp_reply_err (op, req, errno);
+
+      fd = open (actual_path, open_flags, 0);
+    }
+  else
+    fd = open (path, open_flags, 0);
   if (fd == -1)
     return xdp_reply_err (op, req, errno);