Use umask() to set file and UNIX socket permissions without race conditions.
[tinc]
/
src
/
net_setup.c
diff --git
a/src/net_setup.c
b/src/net_setup.c
index
8ae1e72
..
0fedafa
100644
(file)
--- a/
src/net_setup.c
+++ b/
src/net_setup.c
@@
-711,7
+711,12
@@
static bool setup_myself(void) {
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
strictsubnets |= tunnelserver;
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
strictsubnets |= tunnelserver;
-
+ if(get_config_int(lookup_config(config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
+ if(max_connection_burst <= 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
+ return false;
+ }
+ }
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
if(udp_rcvbuf <= 0) {
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
if(udp_rcvbuf <= 0) {
@@
-863,7
+868,12
@@
static bool setup_myself(void) {
unlink(unixsocketname);
unlink(unixsocketname);
- if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
+ mode_t mask = umask(0);
+ umask(mask | 077);
+ int result = bind(unix_fd, (struct sockaddr *)&sa, sizeof sa);
+ umask(mask);
+
+ if(result < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
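Review bot: In the second hunk the failure path reads `errno` only after `umask(mask)` has run, so the reason logged for a failed `bind()` relies on umask() leaving errno untouched, which POSIX does not explicitly promise. Capturing it right after the call, `int saved_errno = errno;`, and logging `sockstrerror(saved_errno)` removes that dependency. umask() is also process-wide, so the `umask(0)` / `umask(mask | 077)` / `umask(mask)` sequence is only safe if nothing else in the process creates files in between; the hunk does not show whether setup_myself() runs single-threaded. A short comment would record that assumption, for example `/* umask is per-process: tighten it around bind() so the socket is never created group/world accessible */`. The body of setup_myself() starts and ends outside the hunk.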