author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-05-28 17:07:54 +0000 |
---|---|---|
committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-05-28 17:07:54 +0000 |
commit | aad5afe1cb3ef150317b503b65ed62d342e6ad60 (patch) | |
tree | ebd2c3ae102482cce89d3edcf1303c00462ea494 /sbin | |
parent | af17e072f6c939c4fe9b7e008aadc698c4773712 (diff) |
make path checking in the monitor a lot easier. ok hshoexer@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/monitor.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c
index a2fe016e8c1..370ba94cd62 100644
--- a/sbin/isakmpd/monitor.c
+++ b/sbin/isakmpd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.55 2005/05/27 20:55:49 cloder Exp $ */
+/* $OpenBSD: monitor.c,v 1.56 2005/05/28 17:07:53 moritz Exp $ */

 /*
 * Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -837,7 +837,7 @@ must_write(const void *buf, size_t n)
 static int
 m_priv_local_sanitize_path(char *path, size_t pmax, int flags)
 {
- char *p;
+ char new_path[PATH_MAX];

 /*
 * We only permit paths starting with
@@ -845,23 +845,14 @@ m_priv_local_sanitize_path(char *path, size_t pmax, int flags)
 * /var/run/ (rw)
 */

- if (strlen(path) < strlen("/var/run/"))
+ if (realpath(path, new_path) == NULL)
 goto bad_path;

- /* Any path containing '..' is invalid. */
- for (p = path; *p && (p - path) < (int)pmax; p++)
- if (*p == '.' && *(p + 1) == '.')
- goto bad_path;
+ if (strncmp("/var/run/", new_path, strlen("/var/run/")) == 0)
+ return 0;

- /* For any write-mode, only a few paths are permitted. */
- if ((flags & O_ACCMODE) != O_RDONLY) {
- if (strncmp("/var/run/", path, strlen("/var/run/")) == 0)
- return 0;
- goto bad_path;
- }
- /* Any other path is read-only. */
- if (strncmp(ISAKMPD_ROOT, path, strlen(ISAKMPD_ROOT)) == 0 ||
- strncmp("/var/run/", path, strlen("/var/run/")) == 0)
+ if (strncmp(ISAKMPD_ROOT, new_path, strlen(ISAKMPD_ROOT)) == 0 &&
+ (flags & O_ACCMODE) == O_RDONLY)
 return 0;

 bad_path: |
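Review bot: The prefix checks in the last hunk run on `new_path`, but the resolved name is never written back to `path`, so whatever opens the file afterwards (outside this hunk, presumably with the original string) resolves symlinks a second time and may not reach the file that was validated. Copying the canonical name back before each `return 0`, e.g. `if (strlcpy(path, new_path, pmax) >= pmax) goto bad_path;`, would tie the check to the name actually used and give `pmax`, which the visible lines no longer reference, a purpose again. It is also worth confirming that realpath() on this platform accepts a final component that does not exist yet; if it does not, write-mode opens that create a new file under `/var/run/` will now be rejected. A short comment above the realpath() call, such as `/* Resolve symlinks and ".." before comparing prefixes. */`, would record why the explicit `..` scan could be dropped. The function body begins in the previous hunk and continues past `bad_path:`, so the caller side of this is inferred rather than visible.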