diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-12-19 19:09:54 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-12-19 19:09:54 +0000 |
commit | d9dfb4d53461965d1fb99cb64b2f28666fe1f9e0 (patch) | |
tree | 3c2364cfa87e5781cf03aaff874e66d4c129bda9 /sbin | |
parent | 51084469ceff69381c51d8b392a4de422a657c95 (diff) |
The previous fix for creating isakmpd(8) IKE pcap file, weakened
the path sanitizer in the privsep parent. Bring back the checks
in a way that works with new realpath(3).
tested and OK hshoexer@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/monitor.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index 380818d36d6..30fb565dedc 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.79 2019/12/10 15:51:21 bluhm Exp $ */ +/* $OpenBSD: monitor.c,v 1.80 2019/12/19 19:09:53 bluhm Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -71,7 +71,7 @@ static void m_priv_setsockopt(void); static void m_priv_req_readdir(void); static void m_priv_bind(void); static void m_priv_pfkey_open(void); -static int m_priv_local_sanitize_path(char *, size_t, int); +static int m_priv_local_sanitize_path(const char *, size_t, int); static int m_priv_check_sockopt(int, int); static int m_priv_check_bind(const struct sockaddr *, socklen_t); @@ -517,8 +517,9 @@ m_priv_getfd(void) must_read(&mode, sizeof mode); if ((ret = m_priv_local_sanitize_path(path, sizeof path, flags)) - != 0 && errno != ENOENT) { - log_print("m_priv_getfd: illegal path \"%s\"", path); + != 0) { + if (errno != ENOENT) + log_print("m_priv_getfd: illegal path \"%s\"", path); err = errno; v = -1; } else { @@ -683,9 +684,9 @@ must_write(const void *buf, size_t n) /* Check that path/mode is permitted. */ static int -m_priv_local_sanitize_path(char *path, size_t pmax, int flags) +m_priv_local_sanitize_path(const char *path, size_t pmax, int flags) { - char new_path[PATH_MAX], var_run[PATH_MAX]; + char new_path[PATH_MAX], var_run[PATH_MAX], *enddir; /* * We only permit paths starting with @@ -693,8 +694,29 @@ m_priv_local_sanitize_path(char *path, size_t pmax, int flags) * /var/run/ (rw) */ - if (realpath(path, new_path) == NULL || - realpath("/var/run", var_run) == NULL) + if (realpath(path, new_path) == NULL) { + if (errno != ENOENT) + return 1; + /* + * It is ok if the directory exists, + * but the file should be created. + */ + if (strlcpy(new_path, path, sizeof(new_path)) >= + sizeof(new_path)) + return 1; + enddir = strrchr(new_path, '/'); + if (enddir == NULL || enddir[1] == '\0') + return 1; + enddir[1] = '\0'; + if (realpath(new_path, new_path) == NULL) { + errno = ENOENT; + return 1; + } + enddir = strrchr(path, '/'); + strlcat(new_path, enddir, sizeof(new_path)); + } + + if (realpath("/var/run/", var_run) == NULL) return 1; strlcat(var_run, "/", sizeof(var_run)); |