X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=476f44569a1d99ef93ac5a673eb3efb682f47c59;hp=2399828ee6e62320df18880425441ada7d2f8ba5;hb=3a99114360636806078bbf614c241e89661bcc7f;hpb=42f59b28f123f53ae038df23a9abee08e959e46b diff --git a/daemon/file.c b/daemon/file.c index 2399828..476f445 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -34,6 +34,26 @@ do_touch (const char *path) { int fd; int r; + struct stat buf; + + /* RHBZ#582484: Restrict touch to regular files. It's also OK + * here if the file does not exist, since we will create it. + */ + CHROOT_IN; + r = lstat (path, &buf); + CHROOT_OUT; + + if (r == -1) { + if (errno != ENOENT) { + reply_with_perror ("lstat: %s", path); + return -1; + } + } else { + if (! S_ISREG (buf.st_mode)) { + reply_with_error ("%s: touch can only be used on a regular files", path); + return -1; + } + } CHROOT_IN; fd = open (path, O_WRONLY | O_CREAT | O_NOCTTY, 0666); @@ -250,47 +270,62 @@ do_lchown (int owner, int group, const char *path) } int -do_exists (const char *path) +do_write_file (const char *path, const char *content, int size) { - int r; + int fd; - CHROOT_IN; - r = access (path, F_OK); - CHROOT_OUT; + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } - return r == 0; -} + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); -int -do_is_file (const char *path) -{ - int r; - struct stat buf; + if (size == 0) + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } CHROOT_IN; - r = lstat (path, &buf); + fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); CHROOT_OUT; - if (r == -1) { - if (errno != ENOENT && errno != ENOTDIR) { - reply_with_perror ("stat: %s", path); - return -1; - } - else - return 0; /* Not a file. */ + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + if (xwrite (fd, content, size) == -1) { + reply_with_perror ("write"); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + return -1; } - return S_ISREG (buf.st_mode); + return 0; } int -do_write_file (const char *path, const char *content, int size) +do_write (const char *path, const char *content, size_t size) { int fd; - if (size == 0) - size = strlen (content); - CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); CHROOT_OUT; @@ -428,51 +463,110 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) return buf; } +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + /* This runs the 'file' command. */ char * do_file (const char *path) { - char *out, *err; - int r, freeit = 0; - char *buf; - int len; + char *buf = NULL; + const char *display_path = path; - if (STREQLEN (path, "/dev/", 5)) - buf = (char *) path; - else { + int is_dev = STRPREFIX (path, "/dev/"); + + if (!is_dev) { buf = sysroot_path (path); if (!buf) { reply_with_perror ("malloc"); return NULL; } - freeit = 1; + path = buf; + + /* For non-dev, check this is a regular file, else just return the + * file type as a string (RHBZ#582484). + */ + struct stat statbuf; + if (lstat (path, &statbuf) == -1) { + reply_with_perror ("lstat: %s", display_path); + free (buf); + return NULL; + } + + if (! S_ISREG (statbuf.st_mode)) { + char *ret; + + free (buf); + + if (S_ISDIR (statbuf.st_mode)) + ret = strdup ("directory"); + else if (S_ISCHR (statbuf.st_mode)) + ret = strdup ("character device"); + else if (S_ISBLK (statbuf.st_mode)) + ret = strdup ("block device"); + else if (S_ISFIFO (statbuf.st_mode)) + ret = strdup ("FIFO"); + else if (S_ISLNK (statbuf.st_mode)) + ret = strdup ("symbolic link"); + else if (S_ISSOCK (statbuf.st_mode)) + ret = strdup ("socket"); + else + ret = strdup ("unknown, not regular file"); + + if (ret == NULL) + reply_with_perror ("strdup"); + return ret; + } } - /* file(1) manpage claims "file returns 0 on success, and non-zero on - * error", but this is evidently not true. It always returns 0, in - * every scenario I can think up. So check the target is readable - * first. + /* Which flags to use? For /dev paths, follow links because + * /dev/VG/LV is a symbolic link. */ - if (access (buf, R_OK) == -1) { - if (freeit) free (buf); - reply_with_perror ("access: %s", path); - return NULL; - } + const char *flags = is_dev ? "-zbsL" : "-zb"; - r = command (&out, &err, "file", "-zbsL", buf, NULL); - if (freeit) free (buf); + char *out, *err; + int r = command (&out, &err, "file", flags, path, NULL); + free (buf); if (r == -1) { free (out); - reply_with_error ("%s: %s", path, err); + reply_with_error ("%s: %s", display_path, err); free (err); return NULL; } free (err); /* We need to remove the trailing \n from output of file(1). */ - len = strlen (out); - if (out[len-1] == '\n') + size_t len = strlen (out); + if (len > 0 && out[len-1] == '\n') out[len-1] = '\0'; return out; /* caller frees */