diff options
| author |   claudio <claudio@openbsd.org> | 2021-03-02 09:08:59 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2021-03-02 09:08:59 +0000 |
| commit | b015ea5655e7ff696d8c3d37ddc315da58583adf (patch) | |
| tree | 5509b0f7b4e735de96a885627f7b63a3fcd99593 | |
| parent | When building the chain of the intermediate certificates do not include the (diff) | |
| download | wireguard-openbsd-b015ea5655e7ff696d8c3d37ddc315da58583adf.tar.xz wireguard-openbsd-b015ea5655e7ff696d8c3d37ddc315da58583adf.zip | |
Open both the cachedir and outputdir early and use fchdir(2) to
switch between the two.
OK deraadt@ job@
| -rw-r--r-- | usr.sbin/rpki-client/extern.h | 3 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/main.c | 38 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/output.c | 8 |
3 files changed, 23 insertions, 26 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index fb71c6d8fa5..ec7ad26ac69 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.47 2021/02/22 09:46:05 claudio Exp $ */ +/* $OpenBSD: extern.h,v 1.48 2021/03/02 09:08:59 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -435,7 +435,6 @@ extern int outformats; #define FORMAT_BIRD 0x02 #define FORMAT_CSV 0x04 #define FORMAT_JSON 0x08 -extern char* outputdir; int outputfiles(struct vrp_tree *v, struct stats *); int outputheader(FILE *, struct stats *); diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index f473c24c3f0..b69c6b9a594 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.106 2021/02/27 08:59:29 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.107 2021/03/02 09:08:59 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -92,7 +92,7 @@ RB_PROTOTYPE(filepath_tree, filepath, entry, filepathcmp); static struct filepath_tree fpt = RB_INITIALIZER(&fpt); static struct msgbuf procq, rsyncq; -static int cachefd; +static int cachefd, outdirfd; const char *bird_tablename = "ROAS"; @@ -695,17 +695,13 @@ add_to_del(char **del, size_t *dsz, char *file) } static size_t -repo_cleanup(int dirfd) +repo_cleanup(void) { size_t i, delsz = 0; char *argv[2], **del = NULL; FTS *fts; FTSENT *e; - /* change working directory to the cache directory */ - if (fchdir(dirfd) == -1) - err(1, "fchdir"); - for (i = 0; i < rt.reposz; i++) { if (asprintf(&argv[0], "%s", rt.repos[i].local) == -1) err(1, NULL); @@ -781,8 +777,8 @@ main(int argc, char *argv[]) struct roa **out = NULL; char *rsync_prog = "openrsync"; char *bind_addr = NULL; - const char *cachedir = NULL, *errs; - const char *tals[TALSZ_MAX]; + const char *cachedir = NULL, *outputdir = NULL; + const char *tals[TALSZ_MAX], *errs; struct vrp_tree v = RB_INITIALIZER(&v); struct rusage ru; struct timeval start_time, now_time; @@ -879,6 +875,8 @@ main(int argc, char *argv[]) if ((cachefd = open(cachedir, O_RDONLY, 0)) == -1) err(1, "cache directory %s", cachedir); + if ((outdirfd = open(outputdir, O_RDONLY, 0)) == -1) + err(1, "output directory %s", outputdir); if (outformats == 0) outformats = FORMAT_OPENBGPD; @@ -890,6 +888,10 @@ main(int argc, char *argv[]) TAILQ_INIT(&q); + /* change working directory to the cache directory */ + if (fchdir(cachefd) == -1) + err(1, "fchdir"); + /* * Create the file reader as a jailed child process. * It will be responsible for reading all of the files (ROAs, @@ -904,12 +906,8 @@ main(int argc, char *argv[]) if (procpid == 0) { close(fd[1]); - /* change working directory to the cache directory */ - if (fchdir(cachefd) == -1) - err(1, "fchdir"); - /* Only allow access to the cache directory. */ - if (unveil(cachedir, "r") == -1) + if (unveil(".", "r") == -1) err(1, "%s: unveil", cachedir); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); @@ -937,10 +935,6 @@ main(int argc, char *argv[]) close(proc); close(fd[1]); - /* change working directory to the cache directory */ - if (fchdir(cachefd) == -1) - err(1, "fchdir"); - if (pledge("stdio rpath proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -1087,6 +1081,9 @@ main(int argc, char *argv[]) rc = 1; } } + + stats.del_files = repo_cleanup(); + gettimeofday(&now_time, NULL); timersub(&now_time, &start_time, &stats.elapsed_time); if (getrusage(RUSAGE_SELF, &ru) == 0) { @@ -1098,10 +1095,13 @@ main(int argc, char *argv[]) timeradd(&stats.system_time, &ru.ru_stime, &stats.system_time); } + /* change working directory to the cache directory */ + if (fchdir(outdirfd) == -1) + err(1, "fchdir output dir"); + if (outputfiles(&v, &stats)) rc = 1; - stats.del_files = repo_cleanup(cachefd); logx("Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)", stats.roas, stats.roas_fail, stats.roas_invalid); diff --git a/usr.sbin/rpki-client/output.c b/usr.sbin/rpki-client/output.c index 8a7b9c5a447..40a75812d61 100644 --- a/usr.sbin/rpki-client/output.c +++ b/usr.sbin/rpki-client/output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output.c,v 1.20 2021/02/18 10:10:20 claudio Exp $ */ +/* $OpenBSD: output.c,v 1.21 2021/03/02 09:08:59 claudio Exp $ */ /* * Copyright (c) 2019 Theo de Raadt <deraadt@openbsd.org> * @@ -56,7 +56,6 @@ #include "extern.h" -char *outputdir; int outformats; static char output_tmpname[PATH_MAX]; @@ -126,9 +125,8 @@ output_createtmp(char *name) FILE *f; int fd, r; - r = snprintf(output_name, sizeof output_name, - "%s/%s", outputdir, name); - if (r < 0 || r > (int)sizeof(output_name)) + if (strlcpy(output_name, name, sizeof output_name) >= + sizeof output_name) err(1, "path too long"); r = snprintf(output_tmpname, sizeof output_tmpname, "%s.XXXXXXXXXXX", output_name); |