X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=e3a3c30f4267912d347b4959c937a09fb143a333;hp=2399828ee6e62320df18880425441ada7d2f8ba5;hb=5d7ee3f0c5b65cc7c417d762a648ce6c5bfdb532;hpb=42f59b28f123f53ae038df23a9abee08e959e46b

diff --git a/daemon/file.c b/daemon/file.c
index 2399828..e3a3c30 100644
--- a/daemon/file.c
+++ b/daemon/file.c
@@ -25,7 +25,7 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 
-#include "../src/guestfs_protocol.h"
+#include "guestfs_protocol.h"
 #include "daemon.h"
 #include "actions.h"
 
@@ -34,6 +34,26 @@ do_touch (const char *path)
 {
   int fd;
   int r;
+  struct stat buf;
+
+  /* RHBZ#582484: Restrict touch to regular files.  It's also OK
+   * here if the file does not exist, since we will create it.
+   */
+  CHROOT_IN;
+  r = lstat (path, &buf);
+  CHROOT_OUT;
+
+  if (r == -1) {
+    if (errno != ENOENT) {
+      reply_with_perror ("lstat: %s", path);
+      return -1;
+    }
+  } else {
+    if (! S_ISREG (buf.st_mode)) {
+      reply_with_error ("%s: touch can only be used on a regular files", path);
+      return -1;
+    }
+  }
 
   CHROOT_IN;
   fd = open (path, O_WRONLY | O_CREAT | O_NOCTTY, 0666);
@@ -250,47 +270,62 @@ do_lchown (int owner, int group, const char *path)
 }
 
 int
-do_exists (const char *path)
+do_write_file (const char *path, const char *content, int size)
 {
-  int r;
+  int fd;
 
-  CHROOT_IN;
-  r = access (path, F_OK);
-  CHROOT_OUT;
+  /* This call is deprecated, and it has a broken interface.  New code
+   * should use the 'guestfs_write' call instead.  Because we used an
+   * XDR string type, 'content' cannot contain ASCII NUL and 'size'
+   * must never be longer than the string.  We must check this to
+   * ensure random stuff from XDR or daemon memory isn't written to
+   * the file (RHBZ#597135).
+   */
+  if (size < 0) {
+    reply_with_error ("size cannot be negative");
+    return -1;
+  }
 
-  return r == 0;
-}
+  /* Note content_len must be small because of the limits on protocol
+   * message size.
+   */
+  int content_len = (int) strlen (content);
 
-int
-do_is_file (const char *path)
-{
-  int r;
-  struct stat buf;
+  if (size == 0)
+    size = content_len;
+  else if (size > content_len) {
+    reply_with_error ("size parameter is larger than string content");
+    return -1;
+  }
 
   CHROOT_IN;
-  r = lstat (path, &buf);
+  fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666);
   CHROOT_OUT;
 
-  if (r == -1) {
-    if (errno != ENOENT && errno != ENOTDIR) {
-      reply_with_perror ("stat: %s", path);
-      return -1;
-    }
-    else
-      return 0;			/* Not a file. */
+  if (fd == -1) {
+    reply_with_perror ("open: %s", path);
+    return -1;
+  }
+
+  if (xwrite (fd, content, size) == -1) {
+    reply_with_perror ("write");
+    close (fd);
+    return -1;
+  }
+
+  if (close (fd) == -1) {
+    reply_with_perror ("close: %s", path);
+    return -1;
   }
 
-  return S_ISREG (buf.st_mode);
+  return 0;
 }
 
 int
-do_write_file (const char *path, const char *content, int size)
+do_write (const char *path, const char *content, size_t size)
 {
   int fd;
 
-  if (size == 0)
-    size = strlen (content);
-
   CHROOT_IN;
   fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666);
   CHROOT_OUT;
@@ -373,29 +408,33 @@ do_read_file (const char *path, size_t *size_r)
   return r;
 }
 
-char *
-do_pread (const char *path, int count, int64_t offset, size_t *size_r)
+static char *
+pread_fd (int fd, int count, int64_t offset, size_t *size_r,
+          const char *display_path)
 {
-  int fd;
   ssize_t r;
   char *buf;
 
+  if (count < 0) {
+    reply_with_error ("count is negative");
+    close (fd);
+    return NULL;
+  }
+
+  if (offset < 0) {
+    reply_with_error ("offset is negative");
+    close (fd);
+    return NULL;
+  }
+
   /* The actual limit on messages is smaller than this.  This check
    * just limits the amount of memory we'll try and allocate in the
    * function.  If the message is larger than the real limit, that
    * will be caught later when we try to serialize the message.
    */
   if (count >= GUESTFS_MESSAGE_MAX) {
-    reply_with_error ("%s: count is too large for the protocol, use smaller reads", path);
-    return NULL;
-  }
-
-  CHROOT_IN;
-  fd = open (path, O_RDONLY);
-  CHROOT_OUT;
-
-  if (fd == -1) {
-    reply_with_perror ("open: %s", path);
+    reply_with_error ("%s: count is too large for the protocol, use smaller reads", display_path);
+    close (fd);
     return NULL;
   }
 
@@ -408,14 +447,14 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r)
 
   r = pread (fd, buf, count, offset);
   if (r == -1) {
-    reply_with_perror ("pread: %s", path);
+    reply_with_perror ("pread: %s", display_path);
     close (fd);
     free (buf);
     return NULL;
   }
 
   if (close (fd) == -1) {
-    reply_with_perror ("close: %s", path);
+    reply_with_perror ("close: %s", display_path);
     close (fd);
     free (buf);
     return NULL;
@@ -428,51 +467,170 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r)
   return buf;
 }
 
+char *
+do_pread (const char *path, int count, int64_t offset, size_t *size_r)
+{
+  int fd;
+
+  CHROOT_IN;
+  fd = open (path, O_RDONLY);
+  CHROOT_OUT;
+
+  if (fd == -1) {
+    reply_with_perror ("open: %s", path);
+    return NULL;
+  }
+
+  return pread_fd (fd, count, offset, size_r, path);
+}
+
+char *
+do_pread_device (const char *device, int count, int64_t offset, size_t *size_r)
+{
+  int fd = open (device, O_RDONLY);
+  if (fd == -1) {
+    reply_with_perror ("open: %s", device);
+    return NULL;
+  }
+
+  return pread_fd (fd, count, offset, size_r, device);
+}
+
+static int
+pwrite_fd (int fd, const char *content, size_t size, int64_t offset,
+           const char *display_path)
+{
+  ssize_t r;
+
+  r = pwrite (fd, content, size, offset);
+  if (r == -1) {
+    reply_with_perror ("pwrite: %s", display_path);
+    close (fd);
+    return -1;
+  }
+
+  if (close (fd) == -1) {
+    reply_with_perror ("close: %s", display_path);
+    close (fd);
+    return -1;
+  }
+
+  return r;
+}
+
+int
+do_pwrite (const char *path, const char *content, size_t size, int64_t offset)
+{
+  int fd;
+
+  if (offset < 0) {
+    reply_with_error ("offset is negative");
+    return -1;
+  }
+
+  CHROOT_IN;
+  fd = open (path, O_WRONLY);
+  CHROOT_OUT;
+
+  if (fd == -1) {
+    reply_with_perror ("open: %s", path);
+    return -1;
+  }
+
+  return pwrite_fd (fd, content, size, offset, path);
+}
+
+int
+do_pwrite_device (const char *device, const char *content, size_t size,
+                  int64_t offset)
+{
+  if (offset < 0) {
+    reply_with_error ("offset is negative");
+    return -1;
+  }
+
+  int fd = open (device, O_WRONLY);
+  if (fd == -1) {
+    reply_with_perror ("open: %s", device);
+    return -1;
+  }
+
+  return pwrite_fd (fd, content, size, offset, device);
+}
+
 /* This runs the 'file' command. */
 char *
 do_file (const char *path)
 {
-  char *out, *err;
-  int r, freeit = 0;
-  char *buf;
-  int len;
+  char *buf = NULL;
+  const char *display_path = path;
 
-  if (STREQLEN (path, "/dev/", 5))
-    buf = (char *) path;
-  else {
+  int is_dev = STRPREFIX (path, "/dev/");
+
+  if (!is_dev) {
     buf = sysroot_path (path);
     if (!buf) {
       reply_with_perror ("malloc");
       return NULL;
     }
-    freeit = 1;
+    path = buf;
+
+    /* For non-dev, check this is a regular file, else just return the
+     * file type as a string (RHBZ#582484).
+     */
+    struct stat statbuf;
+    if (lstat (path, &statbuf) == -1) {
+      reply_with_perror ("lstat: %s", display_path);
+      free (buf);
+      return NULL;
+    }
+
+    if (! S_ISREG (statbuf.st_mode)) {
+      char *ret;
+
+      free (buf);
+
+      if (S_ISDIR (statbuf.st_mode))
+        ret = strdup ("directory");
+      else if (S_ISCHR (statbuf.st_mode))
+        ret = strdup ("character device");
+      else if (S_ISBLK (statbuf.st_mode))
+        ret = strdup ("block device");
+      else if (S_ISFIFO (statbuf.st_mode))
+        ret = strdup ("FIFO");
+      else if (S_ISLNK (statbuf.st_mode))
+        ret = strdup ("symbolic link");
+      else if (S_ISSOCK (statbuf.st_mode))
+        ret = strdup ("socket");
+      else
+        ret = strdup ("unknown, not regular file");
+
+      if (ret == NULL)
+        reply_with_perror ("strdup");
+      return ret;
+    }
   }
 
-  /* file(1) manpage claims "file returns 0 on success, and non-zero on
-   * error", but this is evidently not true.  It always returns 0, in
-   * every scenario I can think up.  So check the target is readable
-   * first.
+  /* Which flags to use?  For /dev paths, follow links because
+   * /dev/VG/LV is a symbolic link.
    */
-  if (access (buf, R_OK) == -1) {
-    if (freeit) free (buf);
-    reply_with_perror ("access: %s", path);
-    return NULL;
-  }
+  const char *flags = is_dev ? "-zbsL" : "-zb";
 
-  r = command (&out, &err, "file", "-zbsL", buf, NULL);
-  if (freeit) free (buf);
+  char *out, *err;
+  int r = command (&out, &err, "file", flags, path, NULL);
+  free (buf);
 
   if (r == -1) {
     free (out);
-    reply_with_error ("%s: %s", path, err);
+    reply_with_error ("%s: %s", display_path, err);
     free (err);
     return NULL;
   }
   free (err);
 
   /* We need to remove the trailing \n from output of file(1). */
-  len = strlen (out);
-  if (out[len-1] == '\n')
+  size_t len = strlen (out);
+  if (len > 0 && out[len-1] == '\n')
     out[len-1] = '\0';
 
   return out;			/* caller frees */