writer: Also check for dir hardlinks when canonicalizing tree

While we have a check in `mkcomposefs.c`, let's also have one at the C API level because we want to guard against misuse/attack from something directly operating on that API. Signed-off-by: Colin Walters <[email protected]>
cgwalters · Aug 20, 2024 · 23ca1d7 · 23ca1d7
1 parent 8ee4cf5
commit 23ca1d7
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/libcomposefs/lcfs-writer.c b/libcomposefs/lcfs-writer.c
@@ -216,6 +216,16 @@ int lcfs_compute_tree(struct lcfs_ctx_s *ctx, struct lcfs_node_s *root)
 			node->inode.st_nlink = n_link;
 		}
 
+		// Disallow directory hardlinks; the EROFS generation does
+		// do this specially for `.` and `..`, but that happens after this.
+		if (node->link_to != NULL) {
+			if ((node->inode.st_mode & S_IFMT) == S_IFDIR ||
+			    (node->link_to->inode.st_mode & S_IFMT) == S_IFDIR) {
+				errno = EINVAL;
+				return -1;
+			}
+		}
+
 		/* Canonical order */
 		if (node->xattrs)
 			qsort(node->xattrs, node->n_xattrs,