X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=f9af6851f9c3f39968d435f3591a6f59aa818825;hp=aaa4489911a09ad30cfbe75875a47c9216c084e3;hb=bf4e969899bb6cdeb05570d96a567c2833ac83bd;hpb=9e55426d72fd77fda891edd0023dab2f9909639e

diff --git a/src/conf.c b/src/conf.c
index aaa44899..f9af6851 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -19,11 +19,12 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: conf.c,v 1.9.4.25 2000/11/29 14:27:24 zarq Exp $
+    $Id: conf.c,v 1.9.4.29 2000/11/30 22:32:14 zarq Exp $
 */
 
 #include "config.h"
 
+#include <assert.h>
 #include <ctype.h>
 #include <errno.h>
 #include <netdb.h>
@@ -31,6 +32,9 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #include <xalloc.h>
 #include <utils.h> /* for cp */
@@ -154,6 +158,7 @@ char *readline(FILE *fp)
   maxlen = size;
   line = xmalloc(size);
   idx = line;
+  *idx = 0;
   for(;;)
     {
       errno = 0;
@@ -203,9 +208,7 @@ int read_config_file(config_t **base, const char *fname)
   config_t *cfg;
 cp
   if((fp = fopen (fname, "r")) == NULL)
-    {
-      return -1;
-    }
+    return -1;
 
   for(;;)
     {
@@ -214,7 +217,13 @@ cp
 	  err = -1;
 	  break;
 	}
-        
+
+      if(feof(fp))
+	{
+	  err = 0;
+	  break;
+	}
+
       lineno++;
 
       if((p = strtok(line, "\t =")) == NULL)
@@ -229,31 +238,33 @@ cp
 
       if(!hazahaza[i].name)
 	{
-	  syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"),
-		  lineno, fname);
+	  syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+		  p, lineno, fname);
           break;
 	}
 
       if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
 	{
-	  fprintf(stderr, _("No value for variable on line %d while reading config file %s"),
-		  lineno, fname);
+	  fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
+		  hazahaza[i].name, lineno, fname);
 	  break;
 	}
 
       cfg = add_config_val(base, hazahaza[i].argtype, q);
       if(cfg == NULL)
 	{
-	  fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"),
-		  lineno, fname);
+	  fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+		  hazahaza[i].name, lineno, fname);
 	  break;
 	}
 
       cfg->which = hazahaza[i].which;
       if(!config)
 	config = cfg;
+      free(line);
     }
 
+  free(line);
   fclose (fp);
 cp
   return err;
@@ -309,7 +320,79 @@ cp
 cp
 }
 
-#define is_safe_file(p) 1
+int isadir(const char* f)
+{
+  struct stat s;
+
+  if(stat(f, &s) < 0)
+    {
+      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+	      f);
+      return -1;
+    }
+
+  return S_ISDIR(s.st_mode);
+}
+
+int is_safe_path(const char *file)
+{
+  char *p;
+  char *fn = xstrdup(file);
+  struct stat s;
+
+  p = strrchr(file, '/');
+  assert(p); /* p has to contain a / */
+  *p = '\0';
+  if(stat(file, &s) < 0)
+    {
+      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+	      file);
+      return 0;
+    }
+  if(s.st_uid != geteuid())
+    {
+      fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
+	      file, s.st_uid, geteuid());
+      return 0;
+    }
+  if(S_ISLNK(s.st_mode))
+    {
+      fprintf(stderr, _("Warning: `%s' is a symlink\n"),
+	      file);
+      /* fixme: read the symlink and start again */
+    }
+
+  *p = '/';
+  if(stat(file, &s) < 0 && errno != ENOENT)
+    {
+      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+	      file);
+      return 0;
+    }
+  if(errno == ENOENT)
+    return 1;
+  if(s.st_uid != geteuid())
+    {
+      fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
+	      file, s.st_uid, geteuid());
+      return 0;
+    }
+  if(S_ISLNK(s.st_mode))
+    {
+      fprintf(stderr, _("Warning: `%s' is a symlink\n"),
+	      file);
+      /* fixme: read the symlink and start again */
+    }
+  if(s.st_mode & 0007)
+    {
+      /* Accessible by others */
+      fprintf(stderr, _("`%s' has unsecure permissions.\n"),
+	      file);
+      return 0;
+    }
+  
+  return 1;
+}
 
 FILE *ask_and_safe_open(const char* filename, const char* what)
 {
@@ -352,25 +435,45 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
       p = xmalloc(len);
       snprintf(p, len, "%s/%s", directory, fn);
       free(fn);
+      free(directory);
       fn = p;
     }
 
-  if(!is_safe_file(fn))
+  if(isadir(fn) > 0) /* -1 is error */
     {
-      fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
-			"I will not create or overwrite this file.\n"),
-			fn);
-      return NULL;
+      char *p;
+
+      len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */
+      p = xmalloc(len);
+      snprintf(p, len, "%s/%s", fn, filename);
+      free(fn);
+      fn = p;
     }
 
+  umask(0077); /* Disallow everything for group and other */
+  
+  /* Open it first to keep the inode busy */
   if((r = fopen(fn, "w")) == NULL)
     {
       fprintf(stderr, _("Error opening file `%s': %m\n"),
 	      fn);
+      free(fn);
+      return NULL;
+    }
+
+  /* Then check the file for nasty attacks */
+  if(!is_safe_path(fn))  /* Do not permit any directories that are
+                            readable or writeable by other users. */
+    {
+      fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+			"I will not create or overwrite this file.\n"),
+			fn);
+      fclose(r);
+      free(fn);
+      return NULL;
     }
 
   free(fn);
-  free(directory);
   
   return r;
 }