diff options
| author | Christian Grothoff <christian@grothoff.org> | 2013-10-09 20:03:31 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2013-10-09 20:03:31 +0000 |
| commit | bc28ff95e287a6794890c75348075fa9bd7af2f7 (patch) | |
| tree | 8311c91cfa435c7f0ecef9f27a277edc7ad99b96 /src/util/network.c | |
| parent | 7e332f5e005af87032decb86ac0a4bfbcc915cdc (diff) | |
| download | gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.tar.gz gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.zip | |
changing UNIX domain socket access control to file permissions checks, instead of UDS credentials (#2887)
Diffstat (limited to 'src/util/network.c')
| -rw-r--r-- | src/util/network.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/src/util/network.c b/src/util/network.c index 7a4b2a0b3..03dfcddd6 100644 --- a/src/util/network.c +++ b/src/util/network.c | |||
| @@ -87,8 +87,8 @@ GNUNET_NETWORK_test_pf (int pf) | |||
| 87 | { | 87 | { |
| 88 | if (EAFNOSUPPORT == errno) | 88 | if (EAFNOSUPPORT == errno) |
| 89 | return GNUNET_NO; | 89 | return GNUNET_NO; |
| 90 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 90 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
| 91 | "Failed to create test socket: %s\n", | 91 | "Failed to create test socket: %s\n", |
| 92 | STRERROR (errno)); | 92 | STRERROR (errno)); |
| 93 | return GNUNET_SYSERR; | 93 | return GNUNET_SYSERR; |
| 94 | } | 94 | } |
| @@ -400,11 +400,14 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc, | |||
| 400 | { | 400 | { |
| 401 | const struct sockaddr_un *address_un = (const struct sockaddr_un *)address; | 401 | const struct sockaddr_un *address_un = (const struct sockaddr_un *)address; |
| 402 | if (address_un->sun_path[0] == '\0') | 402 | if (address_un->sun_path[0] == '\0') |
| 403 | { | ||
| 403 | bind_address_len = \ | 404 | bind_address_len = \ |
| 404 | sizeof (struct sockaddr_un) \ | 405 | sizeof (struct sockaddr_un) \ |
| 405 | - sizeof (address_un->sun_path) \ | 406 | - sizeof (address_un->sun_path) \ |
| 406 | + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \ | 407 | + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \ |
| 407 | + 1; | 408 | + 1; |
| 409 | GNUNET_break (0); | ||
| 410 | } | ||
| 408 | } | 411 | } |
| 409 | #endif | 412 | #endif |
| 410 | 413 | ||
| @@ -413,7 +416,7 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc, | |||
| 413 | { | 416 | { |
| 414 | const int on = 1; | 417 | const int on = 1; |
| 415 | 418 | ||
| 416 | if (desc->af == AF_INET6) | 419 | if (AF_INET6 == desc->af) |
| 417 | if (setsockopt (desc->fd, IPPROTO_IPV6, IPV6_V6ONLY, | 420 | if (setsockopt (desc->fd, IPPROTO_IPV6, IPV6_V6ONLY, |
| 418 | (const void *) &on, | 421 | (const void *) &on, |
| 419 | sizeof (on))) | 422 | sizeof (on))) |
| @@ -431,7 +434,22 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc, | |||
| 431 | LOG_STRERROR (GNUNET_ERROR_TYPE_DEBUG, "setsockopt"); | 434 | LOG_STRERROR (GNUNET_ERROR_TYPE_DEBUG, "setsockopt"); |
| 432 | } | 435 | } |
| 433 | #endif | 436 | #endif |
| 434 | ret = bind (desc->fd, address, bind_address_len); | 437 | #ifndef WINDOWS |
| 438 | { | ||
| 439 | /* set permissions of newly created UNIX domain socket to "user-only"; applications | ||
| 440 | can choose to relax this later */ | ||
| 441 | mode_t old_mask; | ||
| 442 | |||
| 443 | if (AF_UNIX == address->sa_family) | ||
| 444 | old_mask = umask (S_IWGRP | S_IRGRP | S_IXGRP | S_IWOTH | S_IROTH | S_IXOTH); | ||
| 445 | #endif | ||
| 446 | |||
| 447 | ret = bind (desc->fd, address, bind_address_len); | ||
| 448 | #ifndef WINDOWS | ||
| 449 | if (AF_UNIX == address->sa_family) | ||
| 450 | (void) umask (old_mask); | ||
| 451 | } | ||
| 452 | #endif | ||
| 435 | #ifdef MINGW | 453 | #ifdef MINGW |
| 436 | if (SOCKET_ERROR == ret) | 454 | if (SOCKET_ERROR == ret) |
| 437 | SetErrnoFromWinsockError (WSAGetLastError ()); | 455 | SetErrnoFromWinsockError (WSAGetLastError ()); |
| @@ -477,8 +495,8 @@ GNUNET_NETWORK_socket_close (struct GNUNET_NETWORK_Handle *desc) | |||
| 477 | const struct sockaddr_un *un = (const struct sockaddr_un *) desc->addr; | 495 | const struct sockaddr_un *un = (const struct sockaddr_un *) desc->addr; |
| 478 | 496 | ||
| 479 | if (0 != unlink (un->sun_path)) | 497 | if (0 != unlink (un->sun_path)) |
| 480 | LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, | 498 | LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, |
| 481 | "unlink", | 499 | "unlink", |
| 482 | un->sun_path); | 500 | un->sun_path); |
| 483 | } | 501 | } |
| 484 | #endif | 502 | #endif |
| @@ -550,12 +568,15 @@ GNUNET_NETWORK_socket_connect (const struct GNUNET_NETWORK_Handle *desc, | |||
| 550 | if (address->sa_family == AF_UNIX) | 568 | if (address->sa_family == AF_UNIX) |
| 551 | { | 569 | { |
| 552 | const struct sockaddr_un *address_un = (const struct sockaddr_un *)address; | 570 | const struct sockaddr_un *address_un = (const struct sockaddr_un *)address; |
| 553 | if(address_un->sun_path[0] == '\0') | 571 | if (address_un->sun_path[0] == '\0') |
| 554 | address_len = \ | 572 | { |
| 573 | address_len = \ | ||
| 555 | sizeof (struct sockaddr_un) \ | 574 | sizeof (struct sockaddr_un) \ |
| 556 | - sizeof (address_un->sun_path) \ | 575 | - sizeof (address_un->sun_path) \ |
| 557 | + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \ | 576 | + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \ |
| 558 | + 1; | 577 | + 1; |
| 578 | GNUNET_break (0); | ||
| 579 | } | ||
| 559 | } | 580 | } |
| 560 | #endif | 581 | #endif |
| 561 | ret = connect (desc->fd, address, address_len); | 582 | ret = connect (desc->fd, address, address_len); |