Bugtraq mailing list archives
Re: Apple MacOSX 10.9 Hard Link Memory Corruption
From: Stefan Arentz <stefan () basement sateh com>
Date: Fri, 8 Nov 2013 16:14:51 -0500
On Thu, Nov 07, 2013 at 10:50:59PM +0000, submit () cxsec org wrote:
mac-cxs-XK:pochd XK$ gcc -o test test.c
mac-cxs-XK:pochd XK$ ls
test test.c
mac-cxs-XK:pochd XK$ mkdir DIR1
mac-cxs-XK:pochd XK$ ./test DIR1 Hardlink1
link(3) return= -1
mac-cxs-XK:pochd XK$ mkdir DIR1/DIR2
mac-cxs-XK:pochd XK$ ./test DIR1/DIR2 Hardlink2
link(3) return= 0
mac-cxs-XK:pochd XK$ cd DIR1
mac-cxs-XK:DIR1 XK$ mkdir DIR2/DIR3
mac-cxs-XK:DIR1 XK$ ../test DIR2/DIR3 Hardlink3
link(3) return= 0
mac-cxs-XK:DIR1 XK$ cd DIR2
mac-cxs-XK:DIR2 XK$ mkdir DIR3/DIR4
mac-cxs-XK:DIR2 XK$ ../../test DIR3/DIR4 Hardlink4
link(3) return= -1

The first failing case is easily explained: directory hard links cannot have the same
parent. This is checked in hfs_link.c[1] in hfs_vnop_link(). Search for the following
comment:

    /*
     * All directory links must reside in an non-ARCHIVED hierarchy.
     */
    if (v_type == VDIR) {
        /*
         * - Source parent and destination parent cannot match
         * - A link is not permitted in the root directory
         * - Parent of 'pointed at' directory is not the root directory
         * - The 'pointed at' directory (source) is not an ancestor
         *   of the new directory hard link (destination).
         * - No ancestor of the new directory hard link (destination)
         *   is a directory hard link.
         */
        if ((parentcnid == tdcp->c_fileid) ||
            (tdcp->c_fileid == kHFSRootFolderID) ||
            (parentcnid == kHFSRootFolderID) ||
            cat_check_link_ancestry(hfsmp, tdcp->c_fileid, cp->c_fileid)) {
            error = EPERM; /* abide by the rules, you did not */
            goto out;
        }
    }

Does this also explain the last case?
S.
[1] http://opensource.apple.com/source/xnu/xnu-2422.1.72/bsd/hfs/hfs_link.c
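
Added example (not part of the original message and not xnu code): a small C model of the five rules in the quoted comment, replayed over the four link calls from the session. The directory ids, try_dir_link() and bad_ancestry() are hypothetical, and the model assumes that a directory which already has a hard link counts as a "directory hard link" for the ancestor rule.

```c
#include <stdio.h>

/* Toy model of the rules in the quoted comment; ids are constructed. */
enum { ROOT_PARENT = 1, ROOT = 2 };

struct dir { int id, parent, linked; }; /* linked: has a directory hard link */

/* Constructed tree: pochd(10) / DIR1(11) / DIR2(12) / DIR3(13) / DIR4(14) */
static struct dir tree[] = {
    {ROOT, ROOT_PARENT, 0}, {10, ROOT, 0}, {11, 10, 0},
    {12, 11, 0}, {13, 12, 0}, {14, 13, 0},
};
#define NDIRS (sizeof tree / sizeof tree[0])

static struct dir *lookup(int id) {
    for (size_t i = 0; i < NDIRS; i++)
        if (tree[i].id == id) return &tree[i];
    return NULL;
}

/* Hypothetical stand-in for cat_check_link_ancestry(): walk up from the
 * destination directory and fail on the source or on a linked directory
 * (the last two rules in the comment). Unknown ids also fail. */
static int bad_ancestry(int dst_dir, int src) {
    for (int id = dst_dir; id != ROOT_PARENT; ) {
        struct dir *d = lookup(id);
        if (d == NULL || id == src || d->linked) return 1;
        id = d->parent;
    }
    return 0;
}

/* Returns 0 and marks src as linked, or -1 where the kernel sets EPERM. */
int try_dir_link(int src, int dst_dir) {
    struct dir *s = lookup(src);
    if (s == NULL) return -1;
    if (s->parent == dst_dir || dst_dir == ROOT || s->parent == ROOT ||
        bad_ancestry(dst_dir, src))
        return -1;
    s->linked = 1;
    return 0;
}

int main(void) {
    printf("%d\n", try_dir_link(11, 10)); /* ./test DIR1 Hardlink1: -1 */
    printf("%d\n", try_dir_link(12, 10)); /* ./test DIR1/DIR2 Hardlink2: 0 */
    printf("%d\n", try_dir_link(13, 11)); /* ../test DIR2/DIR3 Hardlink3: 0 */
    printf("%d\n", try_dir_link(14, 12)); /* ../../test DIR3/DIR4 Hardlink4: -1 */
    return 0;
}
```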
