Handle empty argv

[opendoas.git] / timestamp.c

diff --git a/timestamp.c b/timestamp.c
index 38c89ffcf590c083fbc4a3ce15d2b4b05d0ded1d..bca260d1071f3f2436708c4aa6c1588567c9b009 100644 (file)
--- a/timestamp.c
+++ b/timestamp.c
@@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2020 Duncan Overbruck <mail@duncano.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
 /*
  * 1) Timestamp files and directories
  *
@@ -64,7 +82,8 @@
 #include <time.h>
 #include <unistd.h>
 
-#include "includes.h"
+#include "openbsd.h"
+#include "doas.h"
 
 #ifndef TIMESTAMP_DIR
 #      define TIMESTAMP_DIR "/run/doas"
@@ -98,12 +117,12 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime)
        if (n < 0 || n >= (int)sizeof path)
                return -1;
 
-       if ((fd = open(path, O_RDONLY)) == -1) {
+       if ((fd = open(path, O_RDONLY|O_NOFOLLOW)) == -1) {
                warn("failed to open: %s", path);
                return -1;
        }
 
-       while ((n = read(fd, p, buf + sizeof buf - p)) != 0) {
+       while ((n = read(fd, p, buf + (sizeof buf - 1) - p)) != 0) {
                if (n == -1) {
                        if (errno == EAGAIN || errno == EINTR)
                                continue;
@@ -112,15 +131,18 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime)
                        return -1;
                }
                p += n;
-               if (p >= buf + sizeof buf)
+               if (p >= buf + (sizeof buf - 1))
                        break;
        }
        close(fd);
 
        /* error if it contains NULL bytes */
-       if (n != 0 || memchr(buf, '\0', p - buf)) {
+       if (n != 0 || memchr(buf, '\0', p - buf - 1) != NULL) {
                warn("NUL in: %s", path);
                return -1;
+       }
+
+       *p = '\0';
 
        /* Get the 7th field, 5 fields after the last ')',
         * (2th field) because the 5th field 'comm' can include
@@ -199,11 +221,12 @@ timestamp_check(int fd, int secs)
 
        if (fstat(fd, &st) == -1)
                err(1, "fstat");
+       if (st.st_uid != 0 || st.st_gid != getgid() || st.st_mode != (S_IFREG | 0000))
+               errx(1, "timestamp uid, gid or mode wrong");
 
-       if (!timespecisset(&st.st_atim) || !timespecisset(&st.st_mtim)) {
-               warnx("timestamp atim or mtime not set");
+       /* this timestamp was created but never set, invalid but no error */
+       if (!timespecisset(&st.st_atim) || !timespecisset(&st.st_mtim))
                return 0;
-       }
 
        if (clock_gettime(CLOCK_BOOTTIME, &ts[0]) == -1 ||
            clock_gettime(CLOCK_REALTIME, &ts[1]) == -1) {
@@ -251,9 +274,6 @@ timestamp_open(int *valid, int secs)
        if (timestamp_path(path, sizeof path) == -1)
                return -1;
 
-       if (stat(path, &st) != -1 && (st.st_uid != 0 || st.st_gid != getgid()|| st.st_mode != (S_IFREG | 0000)))
-               return -1;
-
        fd = open(path, O_RDONLY|O_NOFOLLOW);
        if (fd == -1) {
                char tmp[256];