consider HELPER_PATH for setuid binaries

author: lurchi <lurchi@strangeplace.net> 2018-11-26 19:04:02 +0100
committer: lurchi <lurchi@strangeplace.net> 2019-06-27 18:22:24 +0200
commit: 7aba81537bfb410ab71db1702dbf2f1104b5d39f (patch)
tree: 8b99ed390080ec22b4ab8958f74a05a61591abd0 /src/vpn
parent: e9a48fc54a426debfac840e5b1c228047133ef10 (diff)
download: gnunet-7aba81537bfb410ab71db1702dbf2f1104b5d39f.tar.gz
gnunet-7aba81537bfb410ab71db1702dbf2f1104b5d39f.zip
1 files changed, 17 insertions, 5 deletions
diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c
index 91bc13fd8..7f9209b67 100644
--- a/src/vpn/gnunet-service-vpn.c
+++ b/src/vpn/gnunet-service-vpn.c
@@ -2934,10 +2934,17 @@ run (void *cls,
  char *ipv4mask;
  struct in_addr v4;
  struct in6_addr v6;
+  char *helper_path;
  char *binary;
-  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn");
+  cfg = cfg_;
+  helper_path = NULL;
+  GNUNET_CONFIGURATION_get_value_string (cfg,
+                                         "VPN",
+                                         "HELPER_PATH",
+                                         &helper_path);
+  binary = GNUNET_OS_get_binary_path ("gnunet-helper-vpn", helper_path);
+  GNUNET_free_non_null (helper_path);
  if (GNUNET_YES !=
      GNUNET_OS_check_helper_binary (binary,
                                     GNUNET_YES,
@@ -2953,8 +2960,6 @@ run (void *cls,
       anything either */
    return;
  }
-  GNUNET_free (binary);
-  cfg = cfg_;
  stats = GNUNET_STATISTICS_create ("vpn", cfg);
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_number (cfg,
@@ -2980,6 +2985,7 @@ run (void *cls,
      GNUNET_CONFIGURATION_get_value_string (cfg, "VPN", "IFNAME", &ifname))
  {
    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IFNAME");
+    GNUNET_free (binary);
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
@@ -2995,6 +3001,7 @@ run (void *cls,
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6ADDR",
                                 _("Must specify valid IPv6 address"));
      GNUNET_SCHEDULER_shutdown ();
+      GNUNET_free (binary);
      GNUNET_free_non_null (ipv6addr);
      return;
    }
@@ -3006,6 +3013,7 @@ run (void *cls,
    {
      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6PREFIX");
      GNUNET_SCHEDULER_shutdown ();
+      GNUNET_free (binary);
      GNUNET_free_non_null (ipv6prefix_s);
      return;
    }
@@ -3018,6 +3026,7 @@ run (void *cls,
    {
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",
                                 _("Must specify valid IPv6 mask"));
+      GNUNET_free (binary);
      GNUNET_SCHEDULER_shutdown ();
      return;
    }
@@ -3039,6 +3048,7 @@ run (void *cls,
    {
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4ADDR",
                                 _("Must specify valid IPv4 address"));
+      GNUNET_free (binary);
      GNUNET_SCHEDULER_shutdown ();
      GNUNET_free_non_null (ipv4addr);
      return;
@@ -3053,6 +3063,7 @@ run (void *cls,
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",
                                 _("Must specify valid IPv4 mask"));
      GNUNET_SCHEDULER_shutdown ();
+      GNUNET_free (binary);
      GNUNET_free_non_null (ipv4mask);
      return;
    }
@@ -3070,8 +3081,9 @@ run (void *cls,
  cadet_handle = GNUNET_CADET_connect (cfg_);
    // FIXME never opens ports???
  helper_handle = GNUNET_HELPER_start (GNUNET_NO,
-                                       "gnunet-helper-vpn", vpn_argv,
+                                       binary, vpn_argv,
                                       &message_token, NULL, NULL);
+  GNUNET_free (binary);
  GNUNET_SCHEDULER_add_shutdown (&cleanup,
                                 NULL);
 }
author	lurchi <lurchi@strangeplace.net>	2018-11-26 19:04:02 +0100
committer	lurchi <lurchi@strangeplace.net>	2019-06-27 18:22:24 +0200
commit	7aba81537bfb410ab71db1702dbf2f1104b5d39f (patch)
tree	8b99ed390080ec22b4ab8958f74a05a61591abd0 /src/vpn
parent	e9a48fc54a426debfac840e5b1c228047133ef10 (diff)
download	gnunet-7aba81537bfb410ab71db1702dbf2f1104b5d39f.tar.gz gnunet-7aba81537bfb410ab71db1702dbf2f1104b5d39f.zip

diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c index 91bc13fd8..7f9209b67 100644 --- a/src/vpn/gnunet-service-vpn.c +++ b/src/vpn/gnunet-service-vpn.c
@@ -2934,10 +2934,17 @@ run (void *cls,
2934	char *ipv4mask;	2934	char *ipv4mask;
2935	struct in_addr v4;	2935	struct in_addr v4;
2936	struct in6_addr v6;	2936	struct in6_addr v6;
		2937	char *helper_path;
2937	char *binary;	2938	char *binary;
2938		2939
2939	binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn");	2940	cfg = cfg_;
2940		2941	helper_path = NULL;
		2942	GNUNET_CONFIGURATION_get_value_string (cfg,
		2943	"VPN",
		2944	"HELPER_PATH",
		2945	&helper_path);
		2946	binary = GNUNET_OS_get_binary_path ("gnunet-helper-vpn", helper_path);
		2947	GNUNET_free_non_null (helper_path);
2941	if (GNUNET_YES !=	2948	if (GNUNET_YES !=
2942	GNUNET_OS_check_helper_binary (binary,	2949	GNUNET_OS_check_helper_binary (binary,
2943	GNUNET_YES,	2950	GNUNET_YES,
@@ -2953,8 +2960,6 @@ run (void *cls,
2953	anything either */	2960	anything either */
2954	return;	2961	return;
2955	}	2962	}
2956	GNUNET_free (binary);
2957	cfg = cfg_;
2958	stats = GNUNET_STATISTICS_create ("vpn", cfg);	2963	stats = GNUNET_STATISTICS_create ("vpn", cfg);
2959	if (GNUNET_OK !=	2964	if (GNUNET_OK !=
2960	GNUNET_CONFIGURATION_get_value_number (cfg,	2965	GNUNET_CONFIGURATION_get_value_number (cfg,
@@ -2980,6 +2985,7 @@ run (void *cls,
2980	GNUNET_CONFIGURATION_get_value_string (cfg, "VPN", "IFNAME", &ifname))	2985	GNUNET_CONFIGURATION_get_value_string (cfg, "VPN", "IFNAME", &ifname))
2981	{	2986	{
2982	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IFNAME");	2987	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IFNAME");
		2988	GNUNET_free (binary);
2983	GNUNET_SCHEDULER_shutdown ();	2989	GNUNET_SCHEDULER_shutdown ();
2984	return;	2990	return;
2985	}	2991	}
@@ -2995,6 +3001,7 @@ run (void *cls,
2995	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6ADDR",	3001	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6ADDR",
2996	_("Must specify valid IPv6 address"));	3002	_("Must specify valid IPv6 address"));
2997	GNUNET_SCHEDULER_shutdown ();	3003	GNUNET_SCHEDULER_shutdown ();
		3004	GNUNET_free (binary);
2998	GNUNET_free_non_null (ipv6addr);	3005	GNUNET_free_non_null (ipv6addr);
2999	return;	3006	return;
3000	}	3007	}
@@ -3006,6 +3013,7 @@ run (void *cls,
3006	{	3013	{
3007	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6PREFIX");	3014	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6PREFIX");
3008	GNUNET_SCHEDULER_shutdown ();	3015	GNUNET_SCHEDULER_shutdown ();
		3016	GNUNET_free (binary);
3009	GNUNET_free_non_null (ipv6prefix_s);	3017	GNUNET_free_non_null (ipv6prefix_s);
3010	return;	3018	return;
3011	}	3019	}
@@ -3018,6 +3026,7 @@ run (void *cls,
3018	{	3026	{
3019	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",	3027	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",
3020	_("Must specify valid IPv6 mask"));	3028	_("Must specify valid IPv6 mask"));
		3029	GNUNET_free (binary);
3021	GNUNET_SCHEDULER_shutdown ();	3030	GNUNET_SCHEDULER_shutdown ();
3022	return;	3031	return;
3023	}	3032	}
@@ -3039,6 +3048,7 @@ run (void *cls,
3039	{	3048	{
3040	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4ADDR",	3049	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4ADDR",
3041	_("Must specify valid IPv4 address"));	3050	_("Must specify valid IPv4 address"));
		3051	GNUNET_free (binary);
3042	GNUNET_SCHEDULER_shutdown ();	3052	GNUNET_SCHEDULER_shutdown ();
3043	GNUNET_free_non_null (ipv4addr);	3053	GNUNET_free_non_null (ipv4addr);
3044	return;	3054	return;
@@ -3053,6 +3063,7 @@ run (void *cls,
3053	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",	3063	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK",
3054	_("Must specify valid IPv4 mask"));	3064	_("Must specify valid IPv4 mask"));
3055	GNUNET_SCHEDULER_shutdown ();	3065	GNUNET_SCHEDULER_shutdown ();
		3066	GNUNET_free (binary);
3056	GNUNET_free_non_null (ipv4mask);	3067	GNUNET_free_non_null (ipv4mask);
3057	return;	3068	return;
3058	}	3069	}
@@ -3070,8 +3081,9 @@ run (void *cls,
3070	cadet_handle = GNUNET_CADET_connect (cfg_);	3081	cadet_handle = GNUNET_CADET_connect (cfg_);
3071	// FIXME never opens ports???	3082	// FIXME never opens ports???
3072	helper_handle = GNUNET_HELPER_start (GNUNET_NO,	3083	helper_handle = GNUNET_HELPER_start (GNUNET_NO,
3073	"gnunet-helper-vpn", vpn_argv,	3084	binary, vpn_argv,
3074	&message_token, NULL, NULL);	3085	&message_token, NULL, NULL);
		3086	GNUNET_free (binary);
3075	GNUNET_SCHEDULER_add_shutdown (&cleanup,	3087	GNUNET_SCHEDULER_add_shutdown (&cleanup,
3076	NULL);	3088	NULL);
3077	}	3089	}