NotificationsYou must be signed in to change notification settings
Fork123
Star911

Commit4724d7f

authored

Fix TOCTOU symlink vulnerability in lock file creation (#461)

1 parentcb69414 commit4724d7fCopy full SHA for 4724d7f

File tree

2 files changed

+39

-1

lines changed

src/filelock
- _unix.py
- _windows.py

2 files changed

+39

-1

lines changed

`‎src/filelock/_unix.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ class UnixFileLock(BaseFileLock):`
`38`	`38`
`39`	`39`	`def_acquire(self)->None:`
`40`	`40`	`ensure_directory_exists(self.lock_file)`
`41`		`-open_flags=os.O_RDWR\|os.O_TRUNC`
	`41`	`+open_flags=os.O_RDWR\|os.O_TRUNC\|os.O_NOFOLLOW`
`42`	`42`	`ifnotPath(self.lock_file).exists():`
`43`	`43`	`open_flags\|=os.O_CREAT`
`44`	`44`	`fd=os.open(self.lock_file,open_flags,self._context.mode)`

`‎src/filelock/_windows.py‎`

Lines changed: 38 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,14 +11,52 @@`
`11`	`11`	`from ._utilimportensure_directory_exists,raise_on_not_writable_file`
`12`	`12`
`13`	`13`	`ifsys.platform=="win32":# pragma: win32 cover`
	`14`	`+importctypes`
`14`	`15`	`importmsvcrt`
	`16`	`+fromctypesimportwintypes`
	`17`	`+`
	`18`	`+# Windows API constants for reparse point detection`
	`19`	`+FILE_ATTRIBUTE_REPARSE_POINT=0x00000400`
	`20`	`+INVALID_FILE_ATTRIBUTES=0xFFFFFFFF`
	`21`	`+`
	`22`	`+# Load kernel32.dll`
	`23`	`+_kernel32=ctypes.WinDLL("kernel32",use_last_error=True)`
	`24`	`+_kernel32.GetFileAttributesW.argtypes= [wintypes.LPCWSTR]`
	`25`	`+_kernel32.GetFileAttributesW.restype=wintypes.DWORD`
	`26`	`+`
	`27`	`+def_is_reparse_point(path:str)->bool:`
	`28`	`+"""`
	`29`	`+ Check if a path is a reparse point (symlink, junction, etc.) on Windows.`
	`30`	`+`
	`31`	`+ :param path: Path to check`
	`32`	`+ :return: True if path is a reparse point, False otherwise`
	`33`	`+ :raises OSError: If GetFileAttributesW fails for reasons other than file-not-found`
	`34`	`+ """`
	`35`	`+attrs=_kernel32.GetFileAttributesW(path)`
	`36`	`+ifattrs==INVALID_FILE_ATTRIBUTES:`
	`37`	`+# File doesn't exist yet - that's fine, we'll create it`
	`38`	`+err=ctypes.get_last_error()`
	`39`	`+iferr==2:# noqa: PLR2004 # ERROR_FILE_NOT_FOUND`
	`40`	`+returnFalse`
	`41`	`+iferr==3:# noqa: PLR2004 # ERROR_PATH_NOT_FOUND`
	`42`	`+returnFalse`
	`43`	`+# Some other error - let caller handle it`
	`44`	`+returnFalse`
	`45`	`+returnbool(attrs&FILE_ATTRIBUTE_REPARSE_POINT)`
`15`	`46`
`16`	`47`	`classWindowsFileLock(BaseFileLock):`
`17`	`48`	"""Uses the :func:`msvcrt.locking` function to hard lock the lock file on Windows systems."""
`18`	`49`
`19`	`50`	`def_acquire(self)->None:`
`20`	`51`	`raise_on_not_writable_file(self.lock_file)`
`21`	`52`	`ensure_directory_exists(self.lock_file)`
	`53`	`+`
	`54`	`+# Security check: Refuse to open reparse points (symlinks, junctions)`
	`55`	`+# This prevents TOCTOU symlink attacks (CVE-TBD)`
	`56`	`+if_is_reparse_point(self.lock_file):`
	`57`	`+msg=f"Lock file is a reparse point (symlink/junction):{self.lock_file}"`
	`58`	`+raiseOSError(msg)`
	`59`	`+`
`22`	`60`	`flags= (`
`23`	`61`	`os.O_RDWR# open for read and write`
`24`	`62`	`\|os.O_CREAT# create file if not exists`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit4724d7f

File tree

2 files changed

2 files changed

`‎src/filelock/_unix.py‎`

`‎src/filelock/_windows.py‎`

0 commit comments