Various security related deltas from OpenBSD
dirs.c: From OpenBSD 1.2, 1.3, 1.5, 1.8, 1.10, 1.11, 1.12 1.2: use unique temporary files; netbsd pr#2544; lukem@supp.cpr.itg.telecom.com.au 1.3: updated patch from lukem@supp.cpr.itg.telecom.com.au to also make -r and -R work again 1.5: mktemp open & fdopen 1.8: /tmp// -> /tmp/ 1.10: Fix strncpy usage and correct strncat length field, from Theo. Also change some occurrence of MAXPATHLEN with sizeof(foo). 1.11: does noone know how to use strncat correctly? 1.12: use mkstemp() From NetBSD: Use open rather than create so we can specify exclusive open mode. main.c: From OpenBSD 1.2, 1.5 1.2: From NetBSD: support $TAPE. 1.5 Set umask to be read only by owner until we set real file permissions. tape.c: From NetBSD: Use open rather than create so we can specify exclusive open mode.
This commit is contained in:
parent
38bf940791
commit
335524b9ad
@ -104,9 +104,9 @@ struct rstdirdesc {
|
||||
static long seekpt;
|
||||
static FILE *df, *mf;
|
||||
static RST_DIR *dirp;
|
||||
static char dirfile[32] = "#"; /* No file */
|
||||
static char modefile[32] = "#"; /* No file */
|
||||
static char dot[2] = "."; /* So it can be modified */
|
||||
static char dirfile[MAXPATHLEN] = "#"; /* No file */
|
||||
static char modefile[MAXPATHLEN] = "#"; /* No file */
|
||||
static char dot[2] = "."; /* So it can be modified */
|
||||
|
||||
/*
|
||||
* Format of old style directories.
|
||||
@ -142,11 +142,18 @@ extractdirs(genmode)
|
||||
register struct dinode *ip;
|
||||
struct inotab *itp;
|
||||
struct direct nulldir;
|
||||
int fd;
|
||||
|
||||
vprintf(stdout, "Extract directories from tape\n");
|
||||
(void) sprintf(dirfile, "%s/rstdir%d", _PATH_TMP, dumpdate);
|
||||
df = fopen(dirfile, "w");
|
||||
if (df == NULL) {
|
||||
(void) sprintf(dirfile, "%srstdir%d", _PATH_TMP, dumpdate);
|
||||
if (command != 'r' && command != 'R') {
|
||||
(void *) strcat(dirfile, "-XXXXXX");
|
||||
fd = mkstemp(dirfile);
|
||||
} else
|
||||
fd = open(dirfile, O_RDWR|O_CREAT|O_EXCL, 0666);
|
||||
if (fd == -1 || (df = fdopen(fd, "w")) == NULL) {
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
fprintf(stderr,
|
||||
"restore: %s - cannot create directory temporary\n",
|
||||
dirfile);
|
||||
@ -154,9 +161,15 @@ extractdirs(genmode)
|
||||
done(1);
|
||||
}
|
||||
if (genmode != 0) {
|
||||
(void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
|
||||
mf = fopen(modefile, "w");
|
||||
if (mf == NULL) {
|
||||
(void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
|
||||
if (command != 'r' && command != 'R') {
|
||||
(void *) strcat(modefile, "-XXXXXX");
|
||||
fd = mkstemp(modefile);
|
||||
} else
|
||||
fd = open(modefile, O_RDWR|O_CREAT|O_EXCL, 0666);
|
||||
if (fd == -1 || (mf = fdopen(fd, "w")) == NULL) {
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
fprintf(stderr,
|
||||
"restore: %s - cannot create modefile \n",
|
||||
modefile);
|
||||
@ -239,8 +252,9 @@ treescan(pname, ino, todo)
|
||||
* begin search through the directory
|
||||
* skipping over "." and ".."
|
||||
*/
|
||||
(void) strncpy(locname, pname, MAXPATHLEN);
|
||||
(void) strncat(locname, "/", MAXPATHLEN);
|
||||
(void) strncpy(locname, pname, sizeof(locname) - 1);
|
||||
locname[sizeof(locname) - 1] = '\0';
|
||||
(void) strncat(locname, "/", sizeof(locname) - strlen(locname));
|
||||
namelen = strlen(locname);
|
||||
rst_seekdir(dirp, itp->t_seekpt, itp->t_seekpt);
|
||||
dp = rst_readdir(dirp); /* "." */
|
||||
@ -260,9 +274,9 @@ treescan(pname, ino, todo)
|
||||
*/
|
||||
while (dp != NULL && dp->d_ino != 0) {
|
||||
locname[namelen] = '\0';
|
||||
if (namelen + dp->d_namlen >= MAXPATHLEN) {
|
||||
if (namelen + dp->d_namlen >= sizeof(locname)) {
|
||||
fprintf(stderr, "%s%s: name exceeds %d char\n",
|
||||
locname, dp->d_name, MAXPATHLEN);
|
||||
locname, dp->d_name, sizeof(locname) - 1);
|
||||
} else {
|
||||
(void) strncat(locname, dp->d_name, (int)dp->d_namlen);
|
||||
treescan(locname, dp->d_ino, todo);
|
||||
@ -585,7 +599,13 @@ setdirmodes(flags)
|
||||
char *cp;
|
||||
|
||||
vprintf(stdout, "Set directory mode, owner, and times.\n");
|
||||
(void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
|
||||
if (command == 'r' || command == 'R')
|
||||
(void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
|
||||
if (modefile[0] == '#') {
|
||||
panic("modefile not defined\n");
|
||||
fprintf(stderr, "directory mode, owner, and times not set\n");
|
||||
return;
|
||||
}
|
||||
mf = fopen(modefile, "r");
|
||||
if (mf == NULL) {
|
||||
fprintf(stderr, "fopen: %s\n", strerror(errno));
|
||||
@ -640,7 +660,7 @@ genliteraldir(name, ino)
|
||||
itp = inotablookup(ino);
|
||||
if (itp == NULL)
|
||||
panic("Cannot find directory inode %d named %s\n", ino, name);
|
||||
if ((ofile = creat(name, 0666)) < 0) {
|
||||
if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0666)) < 0) {
|
||||
fprintf(stderr, "%s: ", name);
|
||||
(void) fflush(stderr);
|
||||
fprintf(stderr, "cannot create file: %s\n", strerror(errno));
|
||||
|
@ -82,13 +82,18 @@ main(argc, argv)
|
||||
{
|
||||
int ch;
|
||||
ino_t ino;
|
||||
char *inputdev = _PATH_DEFTAPE;
|
||||
char *inputdev;
|
||||
char *symtbl = "./restoresymtable";
|
||||
char *p, name[MAXPATHLEN];
|
||||
|
||||
/* Temp files should *not* be readable. We set permissions later. */
|
||||
(void) umask(077);
|
||||
|
||||
if (argc < 2)
|
||||
usage();
|
||||
|
||||
if ((inputdev = getenv("TAPE")) == NULL)
|
||||
inputdev = _PATH_DEFTAPE;
|
||||
obsolete(&argc, &argv);
|
||||
while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != EOF)
|
||||
switch(ch) {
|
||||
|
@ -583,7 +583,8 @@ extractfile(name)
|
||||
skipfile();
|
||||
return (GOOD);
|
||||
}
|
||||
if ((ofile = creat(name, 0666)) < 0) {
|
||||
if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC,
|
||||
0666)) < 0) {
|
||||
fprintf(stderr, "%s: cannot create file: %s\n",
|
||||
name, strerror(errno));
|
||||
skipfile();
|
||||
|
Loading…
Reference in New Issue
Block a user