diff options
author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-05-28 18:38:39 +0000 |
---|---|---|
committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-05-28 18:38:39 +0000 |
commit | 189b2720c2bdd6b4f4df6a15d3223de057ad4b9c (patch) | |
tree | 3957c443efe48f87575160db66cc74c6ba4c65b9 | |
parent | 3bf54f8a8e16b90ad64f277f9a6d1ad079a43ad1 (diff) |
do sanity checking on directoy entries. ok hshoexer@
-rw-r--r-- | sbin/isakmpd/monitor.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index 113836d4219..7fc242f0057 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.57 2005/05/28 17:42:49 moritz Exp $ */ +/* $OpenBSD: monitor.c,v 1.58 2005/05/28 18:38:38 moritz Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -797,8 +797,11 @@ m_priv_local_sanitize_path(char *path, size_t pmax, int flags) * /var/run/ (rw) */ - if (realpath(path, new_path) == NULL) + if (realpath(path, new_path) == NULL) { + if (errno == ENOENT) + return 1; goto bad_path; + } if (strncmp("/var/run/", new_path, strlen("/var/run/")) == 0) return 0; @@ -917,8 +920,6 @@ m_priv_req_readdir() off = strlen(path); size = sizeof path - off; - /* XXX sanitize path */ - if ((dp = opendir(path)) == NULL) { serrno = errno; ret = -1; @@ -934,10 +935,14 @@ m_priv_req_readdir() while ((file = readdir(dp)) != NULL) { strlcpy(path + off, file->d_name, size); - if (file->d_type != DT_UNKNOWN && file->d_type != DT_REG && - file->d_type != DT_LNK) - continue; + if (file->d_type != DT_REG && file->d_type != DT_LNK) + continue; + if (m_priv_local_sanitize_path(path, sizeof path, O_RDONLY) + != 0) { + log_errorx("m_priv_req_readdir: invalid dir entry"); + continue; + } fd = open(path, O_RDONLY, 0); if (fd == -1) { log_error("m_priv_req_readdir: open " |