libsandbox: fix violations where ENOENT is expected

These changes revert f7d02c04 that aimed to resolve 921581 and
fix it in a way that doesn't cause unwanted sandbox violations.

Bug: https://bugs.gentoo.org/921581
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

2 files changed, 7 insertions, 3 deletions

diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c
index 49c382a..c717576 100644
--- a/libsandbox/pre_check_mkdirat.c
+++ b/libsandbox/pre_check_mkdirat.c
@@ -37,15 +37,17 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
 	 * will trigger a sandbox violation.
 	 */
 	struct stat64 st;
-	if (0 == lstat64(pathname, &st)) {
+	if (0 == lstat64(canonic, &st)) {
 		int new_errno;
 		sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n",
 			func, pathname, canonic, strerror(errno));
 
 		new_errno = EEXIST;
 
-		/* Hmm, is this a broken symlink we're trying to extend ? */
-		if (S_ISLNK(st.st_mode) && stat64(pathname, &st) != 0) {
+		/* Hmm, is this a broken symlink we're trying to extend ?
+		 * Or is this a path like "foo/.." ?
+		 */
+		if (stat64(pathname, &st) != 0) {
 			/* XXX: This awful hack should probably be turned into a
 			 * common func that does a better job.  For now, we have
 			 * enough crap to catch gnulib tests #297026.
diff --git a/tests/mkdirat-3.sh b/tests/mkdirat-3.sh
index fe20579..8292af9 100755
--- a/tests/mkdirat-3.sh
+++ b/tests/mkdirat-3.sh
@@ -4,4 +4,6 @@
 set -e
 mkdirat-0 -1,ENOENT .:O_DIRECTORY '' 0
 
+mkdirat-0 -1,ENOENT .:O_DIRECTORY 'foo/..' 0
+
 mkdirat-0 -1,ENOENT -3 '' 0