X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;ds=sidebyside;f=daemon%2Ffile.c;h=2594207f9efcb7f845c0972ebf12ec8164e01f1e;hb=e3befe5a2e85179dcc5a52aa7d74b9cc5f3430ec;hp=7d37f569334811bcacc959ce65b11b84520cd8e7;hpb=3920ad95f6b2db8fbf20aa26692877a09070cb04;p=libguestfs.git diff --git a/daemon/file.c b/daemon/file.c index 7d37f56..2594207 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -288,8 +288,29 @@ do_write_file (const char *path, const char *content, int size) { int fd; + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } + + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); + if (size == 0) - size = strlen (content); + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); @@ -456,24 +477,53 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) return buf; } +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + /* This runs the 'file' command. */ char * do_file (const char *path) { - char *out, *err; - int r, freeit = 0; - char *buf; - int len; + char *buf = NULL; + const char *display_path = path; - if (STREQLEN (path, "/dev/", 5)) - buf = (char *) path; - else { + int is_dev = STRPREFIX (path, "/dev/"); + + if (!is_dev) { buf = sysroot_path (path); if (!buf) { reply_with_perror ("malloc"); return NULL; } - freeit = 1; + path = buf; } /* file(1) manpage claims "file returns 0 on success, and non-zero on @@ -481,26 +531,27 @@ do_file (const char *path) * every scenario I can think up. So check the target is readable * first. */ - if (access (buf, R_OK) == -1) { - if (freeit) free (buf); - reply_with_perror ("access: %s", path); + if (access (path, R_OK) == -1) { + reply_with_perror ("access: %s", display_path); + free (buf); return NULL; } - r = command (&out, &err, "file", "-zbsL", buf, NULL); - if (freeit) free (buf); + char *out, *err; + int r = command (&out, &err, "file", "-zbsL", path, NULL); + free (buf); if (r == -1) { free (out); - reply_with_error ("%s: %s", path, err); + reply_with_error ("%s: %s", display_path, err); free (err); return NULL; } free (err); /* We need to remove the trailing \n from output of file(1). */ - len = strlen (out); - if (out[len-1] == '\n') + size_t len = strlen (out); + if (len > 0 && out[len-1] == '\n') out[len-1] = '\0'; return out; /* caller frees */