X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=daemon%2Ffile.c;h=a0842c09071d4a85f8028cb4e74d3ddb170b7d00;hb=5222be29f81fb98f0448d6e289c2c486fbc56883;hp=2399828ee6e62320df18880425441ada7d2f8ba5;hpb=988a707f3731e4174582e74fc83c30d89c5afb7e;p=libguestfs.git

diff --git a/daemon/file.c b/daemon/file.c
index 2399828..a0842c0 100644
--- a/daemon/file.c
+++ b/daemon/file.c
@@ -250,46 +250,33 @@ do_lchown (int owner, int group, const char *path)
 }
 
 int
-do_exists (const char *path)
-{
-  int r;
-
-  CHROOT_IN;
-  r = access (path, F_OK);
-  CHROOT_OUT;
-
-  return r == 0;
-}
-
-int
-do_is_file (const char *path)
+do_write_file (const char *path, const char *content, int size)
 {
-  int r;
-  struct stat buf;
-
-  CHROOT_IN;
-  r = lstat (path, &buf);
-  CHROOT_OUT;
+  int fd;
 
-  if (r == -1) {
-    if (errno != ENOENT && errno != ENOTDIR) {
-      reply_with_perror ("stat: %s", path);
-      return -1;
-    }
-    else
-      return 0;			/* Not a file. */
+  /* This call is deprecated, and it has a broken interface.  New code
+   * should use the 'guestfs_write' call instead.  Because we used an
+   * XDR string type, 'content' cannot contain ASCII NUL and 'size'
+   * must never be longer than the string.  We must check this to
+   * ensure random stuff from XDR or daemon memory isn't written to
+   * the file (RHBZ#597135).
+   */
+  if (size < 0) {
+    reply_with_error ("size cannot be negative");
+    return -1;
   }
 
-  return S_ISREG (buf.st_mode);
-}
-
-int
-do_write_file (const char *path, const char *content, int size)
-{
-  int fd;
+  /* Note content_len must be small because of the limits on protocol
+   * message size.
+   */
+  int content_len = (int) strlen (content);
 
   if (size == 0)
-    size = strlen (content);
+    size = content_len;
+  else if (size > content_len) {
+    reply_with_error ("size parameter is larger than string content");
+    return -1;
+  }
 
   CHROOT_IN;
   fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666);