From 6f097098e0f93a9d4219502b6c7017985a7de70a Mon Sep 17 00:00:00 2001
From: elfarto
Date: Mon, 13 Dec 2021 18:02:47 +0000
Subject: [PATCH] Bug 1743014 - Handle unlink("") calls internally. r=jld

unlink("") will always return -ENOENT if passed to the kernel, so just do the same thing here. We need this as empty paths can't be whitelisted.

Differential Revision: https://phabricator.services.mozilla.com/D132174
---
 .../sandbox/common/test/SandboxTestingChildTests.h | 10 ++++++++++
 security/sandbox/linux/SandboxFilter.cpp | 8 ++++++++
 2 files changed, 18 insertions(+)

diff --git a/security/sandbox/common/test/SandboxTestingChildTests.h b/security/sandbox/common/test/SandboxTestingChildTests.h
index 4b23bab97fe7..57aecf1ea7bf 100644
--- a/security/sandbox/common/test/SandboxTestingChildTests.h
+++ b/security/sandbox/common/test/SandboxTestingChildTests.h
@@ -219,6 +219,16 @@ void RunTestsRDD(SandboxTestingChild* child) {
 int rv = getrusage(RUSAGE_SELF, &res);
 return rv;
 });
+
+ child->ErrnoValueTest("unlink"_ns, false, ENOENT, [&] {
+ int rv = unlink("");
+ return rv;
+ });
+
+ child->ErrnoValueTest("unlinkat"_ns, false, ENOENT, [&] {
+ int rv = unlinkat(AT_FDCWD, "", 0);
+ return rv;
+ });
 # endif // XP_LINUX
 #else // XP_UNIX
 child->ReportNoTests();
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index eb72d944c8d4..f5760b0a4340 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -283,6 +283,10 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
 static intptr_t UnlinkTrap(ArgsRef aArgs, void* aux) {
 auto broker = static_cast(aux);
 auto path = reinterpret_cast(aArgs.args[0]);
+ if (path && path[0] == '\0') {
+ // If the path is empty, then just fail the call here
+ return -ENOENT;
+ }
 return broker->Unlink(path);
 }
 
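Review bot: The new guard in UnlinkTrap tests `path &&` before reading `path[0]`, but a null path then falls through to `broker->Unlink(path)` unchanged, and in the unlinkat hunk below (whose enclosing function starts above that hunk) the unchanged next line `if (fd != AT_FDCWD && path[0] != '/')` dereferences `path` unconditionally, so the null tolerance is either dead or incomplete in both traps. If a null path can reach these trap handlers it should be rejected explicitly before any other use (an errno such as EFAULT would presumably mirror what the kernel reports for an unreadable path argument); if it cannot, drop the `path &&` so the guard does not advertise a case the rest of the function does not handle, and say which in the comment. The added comment also only restates the code; the reason given in the commit message is what a maintainer will need, e.g. `// The kernel returns ENOENT for an empty path and the broker cannot whitelist one, so fail here without consulting it.` in place of the current line, in both hunks.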
@@ -472,6 +476,10 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
 auto fd = static_cast(aArgs.args[0]);
 auto path = reinterpret_cast(aArgs.args[1]);
 auto flags = static_cast(aArgs.args[2]);
+ if (path && path[0] == '\0') {
+ // If the path is empty, then just fail the call here
+ return -ENOENT;
+ }
 if (fd != AT_FDCWD && path[0] != '/') {
 SANDBOX_LOG_ERROR("unsupported fd-relative unlinkat(%d, \"%s\", 0x%x)",
 fd, path, flags);