X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=timestamp.c;h=bca260d1071f3f2436708c4aa6c1588567c9b009;hb=b82ffa68a6436ce3f4c4b480bc9c12ac284b0d99;hp=e97c92f6ea23af4ec2835dfc66a3b2d056c3bfd0;hpb=9be2d262af3d7f57697345fe4e3614fa87c5fa58;p=opendoas.git diff --git a/timestamp.c b/timestamp.c index e97c92f..bca260d 100644 --- a/timestamp.c +++ b/timestamp.c @@ -1,3 +1,21 @@ +/* + * Copyright (c) 2020 Duncan Overbruck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + /* * 1) Timestamp files and directories * @@ -64,7 +82,8 @@ #include #include -#include "includes.h" +#include "openbsd.h" +#include "doas.h" #ifndef TIMESTAMP_DIR # define TIMESTAMP_DIR "/run/doas" @@ -98,25 +117,32 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime) if (n < 0 || n >= (int)sizeof path) return -1; - if ((fd = open(path, O_RDONLY)) == -1) + if ((fd = open(path, O_RDONLY|O_NOFOLLOW)) == -1) { + warn("failed to open: %s", path); return -1; + } - while ((n = read(fd, p, buf + sizeof buf - p)) != 0) { + while ((n = read(fd, p, buf + (sizeof buf - 1) - p)) != 0) { if (n == -1) { if (errno == EAGAIN || errno == EINTR) continue; + warn("read: %s", path); close(fd); return -1; } p += n; - if (p >= buf + sizeof buf) + if (p >= buf + (sizeof buf - 1)) break; } close(fd); /* error if it contains NULL bytes */ - if (n != 0 || memchr(buf, '\0', p - buf)) + if (n != 0 || memchr(buf, '\0', p - buf - 1) != NULL) { + warn("NUL in: %s", path); return -1; + } + + *p = '\0'; /* Get the 7th field, 5 fields after the last ')', * (2th field) because the 5th field 'comm' can include @@ -141,13 +167,11 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime) if (p == ep || (errno == ERANGE && *starttime == ULLONG_MAX)) return -1; - break; + return 0; } - if (n == 23) - break; } - return 0; + return -1; } #else #error "proc_info not implemented" @@ -196,14 +220,19 @@ timestamp_check(int fd, int secs) struct stat st; if (fstat(fd, &st) == -1) - return 0; + err(1, "fstat"); + if (st.st_uid != 0 || st.st_gid != getgid() || st.st_mode != (S_IFREG | 0000)) + errx(1, "timestamp uid, gid or mode wrong"); + /* this timestamp was created but never set, invalid but no error */ if (!timespecisset(&st.st_atim) || !timespecisset(&st.st_mtim)) return 0; if (clock_gettime(CLOCK_BOOTTIME, &ts[0]) == -1 || - clock_gettime(CLOCK_REALTIME, &ts[1]) == -1) + clock_gettime(CLOCK_REALTIME, &ts[1]) == -1) { + warn("clock_gettime"); return 0; + } /* check if timestamp is too old */ if (timespeccmp(&st.st_atim, &ts[0], <) || @@ -214,8 +243,10 @@ timestamp_check(int fd, int secs) timespecadd(&ts[0], &timeout, &ts[0]); timespecadd(&ts[1], &timeout, &ts[1]); if (timespeccmp(&st.st_atim, &ts[0], >) || - timespeccmp(&st.st_mtim, &ts[1], >)) + timespeccmp(&st.st_mtim, &ts[1], >)) { + warnx("timestamp too far in the future"); return 0; + } return 1; } @@ -243,14 +274,14 @@ timestamp_open(int *valid, int secs) if (timestamp_path(path, sizeof path) == -1) return -1; - if (stat(path, &st) != -1 && (st.st_uid != 0 || st.st_gid != getgid()|| st.st_mode != (S_IFREG | 0000))) - return -1; - fd = open(path, O_RDONLY|O_NOFOLLOW); if (fd == -1) { char tmp[256]; int n; + if (errno != ENOENT) + err(1, "open: %s", path); + n = snprintf(tmp, sizeof tmp, TIMESTAMP_DIR "/.tmp-%d", getpid()); if (n < 0 || n >= (int)sizeof tmp) return -1;