mirrors/git-pages
1
0
Fork 0
mirror of https://codeberg.org/git-pages/git-pages.git synced 2026-05-14 11:11:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Work around a TOCTTOU race in os.Root.MkdirAll().

Browse Source 
This race was reliably triggered by an initial push into an empty blob
store, causing it to fail.
This commit is contained in:
Catherine
2025-09-17 23:14:52 +00:00
parent 82f24d5508
commit c9b2cbb52e
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/backend.go
View File

@@ -144,8 +144,18 @@ func (fs *FSBackend) PutBlob(name string, data []byte) error {
return fmt.Errorf("chmod: %w", err)
}
if err := fs.blobRoot.MkdirAll(blobDir, 0o755); err != nil {
return fmt.Errorf("mkdir: %w", err)
again:
for {
if err := fs.blobRoot.MkdirAll(blobDir, 0o755); err != nil {
if errors.Is(err, os.ErrExist) {
// Handle the case where two `PutBlob()` calls race creating a common prefix
// of a blob directory. The `MkdirAll()` call that loses the TOCTTOU condition
// bails out, so we have to repeat it.
continue again
}
return fmt.Errorf("mkdir: %w", err)
}
break
}
if err := fs.blobRoot.Rename(tempPath, blobPath); err != nil {