X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=da899b6c59dd56e214046bba75991027a4596e2f;hp=0b50eebd7fa66b00a284d81e6b1647d91b4bcb28;hb=ba39ced8804765705f4c61a92db0fddb8d672c7d;hpb=b3035e8d7c04a71d9a54ab7e52bc9e169ecf0b47 diff --git a/daemon/file.c b/daemon/file.c index 0b50eeb..da899b6 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -34,6 +34,26 @@ do_touch (const char *path) { int fd; int r; + struct stat buf; + + /* RHBZ#582484: Restrict touch to regular files. It's also OK + * here if the file does not exist, since we will create it. + */ + CHROOT_IN; + r = lstat (path, &buf); + CHROOT_OUT; + + if (r == -1) { + if (errno != ENOENT) { + reply_with_perror ("lstat: %s", path); + return -1; + } + } else { + if (! S_ISREG (buf.st_mode)) { + reply_with_error ("%s: touch can only be used on a regular files", path); + return -1; + } + } CHROOT_IN; fd = open (path, O_WRONLY | O_CREAT | O_NOCTTY, 0666); @@ -87,7 +107,7 @@ do_cat (const char *path) if (size >= alloc) { alloc += 8192; if (alloc > max) { - reply_with_error ("cat: %s: file is too large for message buffer", + reply_with_error ("%s: file is too large for message buffer", path); free (buf); close (fd); @@ -186,7 +206,7 @@ do_rm (const char *path) CHROOT_OUT; if (r == -1) { - reply_with_perror ("unlink: %s", path); + reply_with_perror ("%s", path); return -1; } @@ -198,12 +218,17 @@ do_chmod (int mode, const char *path) { int r; + if (mode < 0) { + reply_with_error ("%s: mode is negative", path); + return -1; + } + CHROOT_IN; r = chmod (path, mode); CHROOT_OUT; if (r == -1) { - reply_with_perror ("chmod: %s: 0%o", path, mode); + reply_with_perror ("%s: 0%o", path, mode); return -1; } @@ -220,7 +245,7 @@ do_chown (int owner, int group, const char *path) CHROOT_OUT; if (r == -1) { - reply_with_perror ("chown: %s: %d.%d", path, owner, group); + reply_with_perror ("%s: %d.%d", path, owner, group); return -1; } 
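Review bot: The regular-file test added to do_touch is made on the path with `lstat`, and the `open` that follows reopens the same path by name with `O_CREAT` and without `O_NOFOLLOW`, so the object that gets opened is not guaranteed to be the one that was checked if the filesystem can change in between (whether it can is not visible from this hunk). Keep the `lstat` pre-check, since it avoids opening a FIFO or device at all, but also add `O_NOFOLLOW` to the open flags and repeat the test on the descriptor with `fstat (fd, &buf)` and `S_ISREG (buf.st_mode)` before the timestamp is updated. The new error text reads "a regular files"; `"%s: touch can only be used on a regular file"` is presumably what was meant. The remainder of do_touch lies outside the hunk.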
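Review bot: The new guard in do_chmod rejects only negative values, so a mode with bits set above the permission, setuid, setgid and sticky bits still reaches `chmod`. What the call does with those extra bits is platform-dependent, and a malformed mode from the client would be accepted without any error. Widening the test to `if (mode < 0 || (mode & ~07777) != 0)` with a message such as `"%s: mode is out of range"` makes the validation complete.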
@@ -237,7 +262,7 @@ do_lchown (int owner, int group, const char *path) CHROOT_OUT; if (r == -1) { - reply_with_perror ("lchown: %s: %d.%d", path, owner, group); + reply_with_perror ("%s: %d.%d", path, owner, group); return -1; } @@ -283,8 +308,57 @@ do_write_file (const char *path, const char *content, int size) { int fd; + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } + + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); + if (size == 0) - size = strlen (content); + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } + + CHROOT_IN; + fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + if (xwrite (fd, content, size) == -1) { + reply_with_perror ("write"); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + return -1; + } + + return 0; +} + +int +do_write (const char *path, const char *content, size_t size) +{ + int fd; CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); 
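Review bot: After the new size validation, do_write_file carries its own copy of the open / xwrite / close sequence that the added do_write repeats line for line, so any later hardening of one (open flags, error handling) has to be remembered for the other. Once `size` has been validated, the deprecated entry point could end with `return do_write (path, content, (size_t) size);`, assuming a prototype for do_write is visible at that point, which this hunk does not show. The cast in `int content_len = (int) strlen (content);` relies on the protocol message limit, as the comment says; naming that limit in the comment would make the assumption checkable. do_write's body continues past the end of the hunk.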
@@ -331,25 +405,24 @@ do_read_file (const char *path, size_t *size_r) return NULL; } - *size_r = statbuf.st_size; /* The actual limit on messages is smaller than this. This * check just limits the amount of memory we'll try and allocate * here. If the message is larger than the real limit, that will * be caught later when we try to serialize the message. */ - if (*size_r >= GUESTFS_MESSAGE_MAX) { - reply_with_error ("read_file: %s: file is too large for the protocol, use guestfs_download instead", path); + if (statbuf.st_size >= GUESTFS_MESSAGE_MAX) { + reply_with_error ("%s: file is too large for the protocol, use guestfs_download instead", path); close (fd); return NULL; } - r = malloc (*size_r); + r = malloc (statbuf.st_size); if (r == NULL) { reply_with_perror ("malloc"); close (fd); return NULL; } - if (xread (fd, r, *size_r) == -1) { + if (xread (fd, r, statbuf.st_size) == -1) { reply_with_perror ("read: %s", path); close (fd); free (r); @@ -362,6 +435,10 @@ do_read_file (const char *path, size_t *size_r) return NULL; } + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ + *size_r = statbuf.st_size; return r; } @@ -378,7 +455,7 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) * will be caught later when we try to serialize the message. */ if (count >= GUESTFS_MESSAGE_MAX) { - reply_with_error ("pread: %s: count is too large for the protocol, use smaller reads", path); + reply_with_error ("%s: count is too large for the protocol, use smaller reads", path); return NULL; } 
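Review bot: In the do_pread hunk `count` is an `int` that is bounded only from above by `if (count >= GUESTFS_MESSAGE_MAX)`, so a negative count passes this test (assuming the constant is signed) and is carried into the allocation and read that follow outside the hunk, where it would be converted to a very large size. The same commit adds negative-value checks to do_chmod and do_write_file, and the same guard belongs here: `if (count < 0) { reply_with_error ("%s: count is negative", path); return NULL; }`. The signed `offset` parameter could be checked the same way, so that the daemon reports a clear error rather than relying on whatever the underlying read call returns.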
@@ -413,55 +490,117 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) return NULL; } + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ *size_r = r; return buf; } +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + /* This runs the 'file' command. */ char * do_file (const char *path) { - char *out, *err; - int r, freeit = 0; - char *buf; - int len; + char *buf = NULL; + const char *display_path = path; - if (STREQLEN (path, "/dev/", 5)) - buf = (char *) path; - else { + int is_dev = STRPREFIX (path, "/dev/"); + + if (!is_dev) { buf = sysroot_path (path); if (!buf) { reply_with_perror ("malloc"); return NULL; } - freeit = 1; + path = buf; + + /* For non-dev, check this is a regular file, else just return the + * file type as a string (RHBZ#582484). + */ + struct stat statbuf; + if (lstat (path, &statbuf) == -1) { + reply_with_perror ("lstat: %s", display_path); + free (buf); + return NULL; + } + + if (! 
S_ISREG (statbuf.st_mode)) { + char *ret; + + free (buf); + + if (S_ISDIR (statbuf.st_mode)) + ret = strdup ("directory"); + else if (S_ISCHR (statbuf.st_mode)) + ret = strdup ("character device"); + else if (S_ISBLK (statbuf.st_mode)) + ret = strdup ("block device"); + else if (S_ISFIFO (statbuf.st_mode)) + ret = strdup ("FIFO"); + else if (S_ISLNK (statbuf.st_mode)) + ret = strdup ("symbolic link"); + else if (S_ISSOCK (statbuf.st_mode)) + ret = strdup ("socket"); + else + ret = strdup ("unknown, not regular file"); + + if (ret == NULL) + reply_with_perror ("strdup"); + return ret; + } } - /* file(1) manpage claims "file returns 0 on success, and non-zero on - * error", but this is evidently not true. It always returns 0, in - * every scenario I can think up. So check the target is readable - * first. + /* Which flags to use? For /dev paths, follow links because + * /dev/VG/LV is a symbolic link. */ - if (access (buf, R_OK) == -1) { - if (freeit) free (buf); - reply_with_perror ("access: %s", path); - return NULL; - } + const char *flags = is_dev ? "-zbsL" : "-zb"; - r = command (&out, &err, "file", "-zbsL", buf, NULL); - if (freeit) free (buf); + char *out, *err; + int r = command (&out, &err, "file", flags, path, NULL); + free (buf); if (r == -1) { free (out); - reply_with_error ("file: %s: %s", path, err); + reply_with_error ("%s: %s", display_path, err); free (err); return NULL; } free (err); /* We need to remove the trailing \n from output of file(1). */ - len = strlen (out); - if (out[len-1] == '\n') + size_t len = strlen (out); + if (len > 0 && out[len-1] == '\n') out[len-1] = '\0'; return out; /* caller frees */ @@ -482,7 +621,7 @@ do_zfile (const char *method, const char *path) else if (STREQ (method, "bzip2")) zcat = "bzcat"; else { - reply_with_error ("zfile: unknown method"); + reply_with_error ("unknown method"); return NULL; } 
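Review bot: In the new do_pwrite, the branch taken when `close (fd)` fails calls `close (fd)` a second time. After a failed close the descriptor must not be closed again, because the number may already have been released and reused elsewhere in the daemon; the branch should contain only `reply_with_perror ("close: %s", path);` and `return -1;`. The function also returns the `ssize_t` result of `pwrite` through an `int` and may report a short write smaller than `size`, which is worth stating in a comment above do_pwrite since it currently has none.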
@@ -504,13 +643,13 @@ do_zfile (const char *method, const char *path) free (cmd); if (fgets (line, sizeof line, fp) == NULL) { - reply_with_perror ("zfile: fgets"); + reply_with_perror ("fgets"); fclose (fp); return NULL; } if (fclose (fp) == -1) { - reply_with_perror ("zfile: fclose"); + reply_with_perror ("fclose"); return NULL; } @@ -520,3 +659,21 @@ do_zfile (const char *method, const char *path) return strdup (line); } + +int64_t +do_filesize (const char *path) +{ + int r; + struct stat buf; + + CHROOT_IN; + r = stat (path, &buf); /* follow symlinks */ + CHROOT_OUT; + + if (r == -1) { + reply_with_perror ("%s", path); + return -1; + } + + return buf.st_size; +}
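Review bot: do_filesize is added without a header comment, and its contract is not obvious from the name. It uses `stat`, so a symbolic link is resolved inside the chroot, and it returns `st_size` for whatever the path names, which is only a meaningful length for regular files (for device nodes the value is probably not the device size). A comment along the lines of `/* Return st_size of path, following symlinks; only meaningful for regular files. Returns -1 on error. */` would record that. If only regular files are intended, an `S_ISREG (buf.st_mode)` check like the one this commit adds to do_touch would enforce it.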