fix: chown recursively in mkdirAllAndChown

Author: lucas-jacques

core/jailer/jaildir.go

@@ -56,11 +56,11 @@ func (j *jailDir) pathInRoot(p string) string {
 }
 
 func (j *jailDir) MkdirAll(dir string) error {
-	return mkdirAllAndChown(j.pathInRoot(dir), j.uid, j.gid, 0700)
+	return mkdirAllAndChown(j.pathInRoot(dir), 0700, j.uid, j.gid)
 }
 
 func (j *jailDir) Mkdir(dir string) error {
-	return mkdirAllAndChown(j.pathInRoot(dir), j.uid, j.gid, 0700)
+	return mkdirAllAndChown(j.pathInRoot(dir), 0700, j.uid, j.gid)
 }
 
 func (j *jailDir) MknodAndOwn(device string, mode uint32, dev uint64) error {

core/jailer/util.go

@@ -2,6 +2,8 @@ package jailer
 
 import (
 	"os"
+	"path/filepath"
+	"syscall"
 
 	"golang.org/x/sys/unix"
 )
@@ -20,25 +22,71 @@ func mkdirAndChown(path string, uid, gid int, perm os.FileMode) error {
 	return nil
 }
 
-func mkdirAllAndChown(path string, uid, gid int, perm os.FileMode) error {
-	err := os.MkdirAll(path, perm)
+func mkFifo(path string, uid, gid int, mode uint32) error {
+	err := unix.Mkfifo(path, mode)
 	if err != nil {
 		return err
 	}
 
-	err = os.Chown(path, uid, gid)
+	return os.Chown(path, uid, gid)
+}
+
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the https://cs.opensource.google/go/go LICENSE file.
+//
+// Extracted from os.MkdirAll
+func mkdirAllAndChown(path string, perm os.FileMode, uid, gid int) error {
+	// Fast path: if we can tell whether path is a directory or file, stop with success or error.
+	dir, err := os.Stat(path)
+	if err == nil {
+		if dir.IsDir() {
+			return nil
+		}
+		return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
+	}
+
+	// Slow path: make sure parent exists and then call Mkdir for path.
+
+	// Extract the parent folder from path by first removing any trailing
+	// path separator and then scanning backward until finding a path
+	// separator or reaching the beginning of the string.
+	i := len(path) - 1
+	for i >= 0 && os.IsPathSeparator(path[i]) {
+		i--
+	}
+	for i >= 0 && !os.IsPathSeparator(path[i]) {
+		i--
+	}
+	if i < 0 {
+		i = 0
+	}
+
+	// If there is a parent directory, and it is not the volume name,
+	// recurse to ensure parent directory exists.
+	if parent := path[:i]; len(parent) > len(filepath.VolumeName(path)) {
+		err = mkdirAllAndChown(parent, perm, uid, gid)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Parent now exists; invoke Mkdir and use its result.
+	err = os.Mkdir(path, perm)
 	if err != nil {
+		// Handle arguments like "foo/." by
+		// double-checking that directory doesn't exist.
+		dir, err1 := os.Lstat(path)
+		if err1 == nil && dir.IsDir() {
+			return nil
+		}
 		return err
 	}
 
-	return nil
-}
-
-func mkFifo(path string, uid, gid int, mode uint32) error {
-	err := unix.Mkfifo(path, mode)
+	err = os.Chown(path, uid, gid)
 	if err != nil {
 		return err
 	}
 
-	return os.Chown(path, uid, gid)
+	return nil
 }