Various security related deltas from OpenBSD

dirs.c:
	From OpenBSD 1.2, 1.3, 1.5, 1.8, 1.10, 1.11, 1.12
	1.2:
		use unique temporary files; netbsd pr#2544;
		lukem@supp.cpr.itg.telecom.com.au
	1.3:
		updated patch from lukem@supp.cpr.itg.telecom.com.au
		to also make -r and -R work again
	1.5:
		mktemp open & fdopen
	1.8:
		/tmp// -> /tmp/
	1.10:
		Fix strncpy usage and correct strncat length field,
		from Theo.  Also change some occurrence of MAXPATHLEN
		with sizeof(foo).
	1.11:
		does noone know how to use strncat correctly?
	1.12:
		use mkstemp()
	From NetBSD:
		Use open rather than create so we can specify
		exclusive open mode.

main.c:
	From OpenBSD 1.2, 1.5
	1.2:
		From NetBSD: support $TAPE.
	1.5
		Set umask to be read only by owner until we set real
		file permissions.
tape.c:
	From NetBSD:
		Use open rather than create so we can specify
		exclusive open mode.
This commit is contained in:
Warner Losh 1997-01-01 00:03:49 +00:00
parent 38bf940791
commit 335524b9ad
3 changed files with 43 additions and 17 deletions

View File

@ -104,9 +104,9 @@ struct rstdirdesc {
static long seekpt;
static FILE *df, *mf;
static RST_DIR *dirp;
static char dirfile[32] = "#"; /* No file */
static char modefile[32] = "#"; /* No file */
static char dot[2] = "."; /* So it can be modified */
static char dirfile[MAXPATHLEN] = "#"; /* No file */
static char modefile[MAXPATHLEN] = "#"; /* No file */
static char dot[2] = "."; /* So it can be modified */
/*
* Format of old style directories.
@ -142,11 +142,18 @@ extractdirs(genmode)
register struct dinode *ip;
struct inotab *itp;
struct direct nulldir;
int fd;
vprintf(stdout, "Extract directories from tape\n");
(void) sprintf(dirfile, "%s/rstdir%d", _PATH_TMP, dumpdate);
df = fopen(dirfile, "w");
if (df == NULL) {
(void) sprintf(dirfile, "%srstdir%d", _PATH_TMP, dumpdate);
if (command != 'r' && command != 'R') {
(void *) strcat(dirfile, "-XXXXXX");
fd = mkstemp(dirfile);
} else
fd = open(dirfile, O_RDWR|O_CREAT|O_EXCL, 0666);
if (fd == -1 || (df = fdopen(fd, "w")) == NULL) {
if (fd != -1)
close(fd);
fprintf(stderr,
"restore: %s - cannot create directory temporary\n",
dirfile);
@ -154,9 +161,15 @@ extractdirs(genmode)
done(1);
}
if (genmode != 0) {
(void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
mf = fopen(modefile, "w");
if (mf == NULL) {
(void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
if (command != 'r' && command != 'R') {
(void *) strcat(modefile, "-XXXXXX");
fd = mkstemp(modefile);
} else
fd = open(modefile, O_RDWR|O_CREAT|O_EXCL, 0666);
if (fd == -1 || (mf = fdopen(fd, "w")) == NULL) {
if (fd != -1)
close(fd);
fprintf(stderr,
"restore: %s - cannot create modefile \n",
modefile);
@ -239,8 +252,9 @@ treescan(pname, ino, todo)
* begin search through the directory
* skipping over "." and ".."
*/
(void) strncpy(locname, pname, MAXPATHLEN);
(void) strncat(locname, "/", MAXPATHLEN);
(void) strncpy(locname, pname, sizeof(locname) - 1);
locname[sizeof(locname) - 1] = '\0';
(void) strncat(locname, "/", sizeof(locname) - strlen(locname));
namelen = strlen(locname);
rst_seekdir(dirp, itp->t_seekpt, itp->t_seekpt);
dp = rst_readdir(dirp); /* "." */
@ -260,9 +274,9 @@ treescan(pname, ino, todo)
*/
while (dp != NULL && dp->d_ino != 0) {
locname[namelen] = '\0';
if (namelen + dp->d_namlen >= MAXPATHLEN) {
if (namelen + dp->d_namlen >= sizeof(locname)) {
fprintf(stderr, "%s%s: name exceeds %d char\n",
locname, dp->d_name, MAXPATHLEN);
locname, dp->d_name, sizeof(locname) - 1);
} else {
(void) strncat(locname, dp->d_name, (int)dp->d_namlen);
treescan(locname, dp->d_ino, todo);
@ -585,7 +599,13 @@ setdirmodes(flags)
char *cp;
vprintf(stdout, "Set directory mode, owner, and times.\n");
(void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
if (command == 'r' || command == 'R')
(void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
if (modefile[0] == '#') {
panic("modefile not defined\n");
fprintf(stderr, "directory mode, owner, and times not set\n");
return;
}
mf = fopen(modefile, "r");
if (mf == NULL) {
fprintf(stderr, "fopen: %s\n", strerror(errno));
@ -640,7 +660,7 @@ genliteraldir(name, ino)
itp = inotablookup(ino);
if (itp == NULL)
panic("Cannot find directory inode %d named %s\n", ino, name);
if ((ofile = creat(name, 0666)) < 0) {
if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0666)) < 0) {
fprintf(stderr, "%s: ", name);
(void) fflush(stderr);
fprintf(stderr, "cannot create file: %s\n", strerror(errno));

View File

@ -82,13 +82,18 @@ main(argc, argv)
{
int ch;
ino_t ino;
char *inputdev = _PATH_DEFTAPE;
char *inputdev;
char *symtbl = "./restoresymtable";
char *p, name[MAXPATHLEN];
/* Temp files should *not* be readable. We set permissions later. */
(void) umask(077);
if (argc < 2)
usage();
if ((inputdev = getenv("TAPE")) == NULL)
inputdev = _PATH_DEFTAPE;
obsolete(&argc, &argv);
while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != EOF)
switch(ch) {

View File

@ -583,7 +583,8 @@ extractfile(name)
skipfile();
return (GOOD);
}
if ((ofile = creat(name, 0666)) < 0) {
if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC,
0666)) < 0) {
fprintf(stderr, "%s: cannot create file: %s\n",
name, strerror(errno));
skipfile();