From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 6EA90385C422; Wed, 4 Oct 2023 11:28:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6EA90385C422 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1696418927; bh=Igkwatky5jwSDHyKT5iS3eQGmw4/yIdQ5aKxEXGCydk=; h=From:To:Subject:Date:In-Reply-To:References:From; b=oSeSDioBTKFI+t5ML1tkGpnhS7S5zzTS+HB7OxojeTM3+RSOLBN8PZV8faNKwcLZt ptRrOG8KITujnN5/1mTXet9P1m6EoXXsUpKiB8gUfNsnUW/tgj+AHRrLXZn3WOFoeU vMWBpCGpRds/NFtqwbqWyrnhcCI0/3hMQf3cPPo0= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/104161] Potential Security Vulnerability: remove_all and symbolic link Date: Wed, 04 Oct 2023 11:28:47 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: redi at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104161 --- Comment #11 from CVS Commits --- The releases/gcc-11 branch has been updated by Jonathan Wakely : https://gcc.gnu.org/g:e742c6baa92403767b4ba8227f34fc7919db28e0 commit r11-11039-ge742c6baa92403767b4ba8227f34fc7919db28e0 Author: Jonathan Wakely Date: Mon Feb 7 23:36:47 2022 +0000 libstdc++: Fix filesystem::remove_all for Windows [PR104161] The recursive_directory_iterator::__erase member was failing for Windows, because the entry._M_type value is always file_type::none (because _Dir_base::advance doesn't populate it for Windows) and top.unlink uses fs::remove which sets an error using the system_category. That meant that ec.value() was a Windows error code and not an errno value, so the comparisons to EPERM and EISDIR failed. Instead of depending on a specific Windows error code for attempting to remove a directory, just use directory_entry::refresh() to query the type first. This doesn't avoid the TOCTTOU races with directory symlinks, but we can't avoid them on Windows without openat and unlinkat, and creating symlinks requires admin privs on Windows anyway. This also fixes the fs::remove_all(const path&) overload, which was supposed to use the same logic as the other overload, but I forgot to change it before my previous commit. libstdc++-v3/ChangeLog: PR libstdc++/104161 * src/c++17/fs_dir.cc (fs::recursive_directory_iterator::__eras= e): [i_GLIBCXX_FILESYSTEM_IS_WINDOWS]: Refresh entry._M_type member, instead of checking for errno values indicating a directory. * src/c++17/fs_ops.cc (fs::remove_all(const path&)): Use similar logic to non-throwing overload. (fs::remove_all(const path&, error_code&)): Add comments. * src/filesystem/ops-common.h: Likewise. (cherry picked from commit 5750952bec1e632d1f804f4a1bed2f74c0f3b189)=