From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id E0E513858C3A; Tue, 8 Feb 2022 13:40:46 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E0E513858C3A From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/104161] Potential Security Vulnerability: remove_all and symbolic link Date: Tue, 08 Feb 2022 13:40:46 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: redi at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2022 13:40:47 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104161 --- Comment #8 from CVS Commits --- The master branch has been updated by Jonathan Wakely : https://gcc.gnu.org/g:5750952bec1e632d1f804f4a1bed2f74c0f3b189 commit r12-7099-g5750952bec1e632d1f804f4a1bed2f74c0f3b189 Author: Jonathan Wakely Date: Mon Feb 7 23:36:47 2022 +0000 libstdc++: Fix filesystem::remove_all for Windows [PR104161] The recursive_directory_iterator::__erase member was failing for Windows, because the entry._M_type value is always file_type::none (because _Dir_base::advance doesn't populate it for Windows) and top.unlink uses fs::remove which sets an error using the system_category. That meant that ec.value() was a Windows error code and not an errno value, so the comparisons to EPERM and EISDIR failed. Instead of depending on a specific Windows error code for attempting to remove a directory, just use directory_entry::refresh() to query the type first. This doesn't avoid the TOCTTOU races with directory symlinks, but we can't avoid them on Windows without openat and unlinkat, and creating symlinks requires admin privs on Windows anyway. This also fixes the fs::remove_all(const path&) overload, which was supposed to use the same logic as the other overload, but I forgot to change it before my previous commit. libstdc++-v3/ChangeLog: PR libstdc++/104161 * src/c++17/fs_dir.cc (fs::recursive_directory_iterator::__eras= e): [i_GLIBCXX_FILESYSTEM_IS_WINDOWS]: Refresh entry._M_type member, instead of checking for errno values indicating a directory. * src/c++17/fs_ops.cc (fs::remove_all(const path&)): Use similar logic to non-throwing overload. (fs::remove_all(const path&, error_code&)): Add comments. * src/filesystem/ops-common.h: Likewise.=