X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=7600064595c50bebc88eafb9a33d47f7941e1c36;hp=7d37f569334811bcacc959ce65b11b84520cd8e7;hb=9733d4746988b3a072d8bb1daac4b9795b8f4134;hpb=3920ad95f6b2db8fbf20aa26692877a09070cb04 diff --git a/daemon/file.c b/daemon/file.c index 7d37f56..7600064 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -288,8 +288,29 @@ do_write_file (const char *path, const char *content, int size) { int fd; + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } + + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); + if (size == 0) - size = strlen (content); + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); @@ -456,6 +477,37 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) return buf; } +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + /* This runs the 'file' command. */ char * do_file (const char *path)