author | George Kadianakis <desnacked@riseup.net> | 2020-12-15 16:28:49 +0200 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2020-12-15 16:28:49 +0200 |
commit | c731a4efec3c7206bbbb8d2ba39c970fcb0c9f36 (patch) | |
tree | 85ff67b2c6469bb11db661484fc4a34cbf6967d3 /src/lib/fs | |
parent | e74f168bb4df0b06d4f224421570e160cfcdb7a9 (diff) | |
parent | bd0046c9ec5bf6556d4ecf6b111b0de4c0266ebd (diff) | |
Merge remote-tracking branch 'tor-gitlab/mr/205' into maint-0.4.5
Diffstat (limited to 'src/lib/fs')
-rw-r--r-- | src/lib/fs/conffile.c | 41 | ||||
-rw-r--r-- | src/lib/fs/path.c | 15 |
2 files changed, 45 insertions, 11 deletions
diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index f1f6d8ae5f..0d0bdf09a6 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -19,9 +19,11 @@ #include "lib/fs/path.h" #include "lib/log/log.h" #include "lib/malloc/malloc.h" +#include "lib/sandbox/sandbox.h" #include "lib/string/printf.h" #include <stdbool.h> +#include <errno.h> static smartlist_t *config_get_file_list(const char *path, smartlist_t *opened_files); @@ -52,21 +54,26 @@ config_get_lines_include(const char *string, config_line_t **result, opened_lst, 1, NULL, config_process_include); } -/** Returns a list of paths obtained when expading globs in <b>pattern</b>. If - * <b>pattern</b> has no globs, returns a list with <b>pattern</b> if it is an - * existing path or NULL otherwise. If <b>opened_files</b> is provided, adds - * paths opened by glob to it. Returns NULL on failure. */ +/** Return a list of paths obtained when expading globs in <b>pattern</b>. + * If <b>pattern</b> has no globs, return a list with <b>pattern</b> in it. + * If <b>opened_files</b> is provided, add paths opened by glob to it. + * Return NULL on failure. */ static smartlist_t * expand_glob(const char *pattern, smartlist_t *opened_files) { - smartlist_t *matches = tor_glob(pattern); - if (!matches) { - return NULL; + if (! has_glob(pattern)) { + smartlist_t *matches = smartlist_new(); + smartlist_add_strdup(matches, pattern); + return matches; } - // if it is not a glob, return error when the path is missing - if (!has_glob(pattern) && smartlist_len(matches) == 0) { - smartlist_free(matches); + smartlist_t *matches = tor_glob(pattern); + if (!matches) { + if (errno == EPERM) { + log_err(LD_CONFIG, "Sandbox is active, but the configuration pattern " + "\"%s\" listed with %%include would access files or folders not " + "allowed by it. Cannot proceed.", pattern); + } return NULL; } 
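Review bot: In expand_glob, `errno == EPERM` is tested after tor_glob() returns NULL, but errno is never cleared beforehand, so a value left over from an earlier call can select the sandbox message when the failure had another cause. tor_glob's own doc comment only promises that errno is set on POSIX systems, so on other builds the test may read a value tor_glob never wrote. I would add `errno = 0;` on the line before `smartlist_t *matches = tor_glob(pattern);`. Separately, the rewritten doc comment keeps the typo "expading"; `expanding` is meant.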
@@ -107,6 +114,13 @@ config_get_file_list(const char *pattern, smartlist_t *opened_files) if (opened_files) { smartlist_add_strdup(opened_files, path); } + if (sandbox_interned_string_is_missing(path)) { + log_err(LD_CONFIG, "Sandbox is active, but a new configuration " + "file \"%s\" has been listed with %%include. Cannot proceed.", + path); + error_found = true; + break; + } file_status_t file_type = file_status(path); if (file_type == FN_FILE) { @@ -201,6 +215,13 @@ config_process_include(const char *pattern, int recursion_level, int extended, int rv = -1; SMARTLIST_FOREACH_BEGIN(config_files, const char *, config_file) { + if (sandbox_interned_string_is_missing(config_file)) { + log_err(LD_CONFIG, "Sandbox is active, but a new configuration " + "file \"%s\" has been listed with %%include. Cannot proceed.", + config_file); + goto done; + } + log_notice(LD_CONFIG, "Including configuration file \"%s\".", config_file); config_line_t *included_config = NULL; config_line_t *included_config_last = NULL; diff --git a/src/lib/fs/path.c b/src/lib/fs/path.c index fc759f6169..c2fdddb9db 100644 --- a/src/lib/fs/path.c +++ b/src/lib/fs/path.c @@ -537,6 +537,10 @@ unglob_win32(const char *pattern, int prev_sep, int next_sep) static DIR * prot_opendir(const char *name) { + if (sandbox_interned_string_is_missing(name)) { + errno = EPERM; + return NULL; + } return opendir(sandbox_intern_string(name)); } @@ -544,6 +548,10 @@ prot_opendir(const char *name) static int prot_stat(const char *pathname, struct stat *buf) { + if (sandbox_interned_string_is_missing(pathname)) { + errno = EPERM; + return -1; + } return stat(sandbox_intern_string(pathname), buf); } 
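Review bot: The sandbox check added before `file_status(path)` in config_get_file_list is repeated, with the same log_err text, in the config_process_include hunk below, so the two copies can drift apart when the message or the policy changes. A small static helper that logs and returns a bool would keep them in step, while each caller keeps its own exit (`error_found = true; break;` here, `goto done;` there). Because this check runs before file_status(), path may be a folder while the message says "file"; the helper would be the single place to adjust that wording. Both function bodies extend outside their hunks.

```c
/** Return true, after logging an error, if
 * sandbox_interned_string_is_missing() reports <b>path</b>; the caller
 * must then abandon the %include. */
static bool
include_path_rejected_by_sandbox(const char *path)
{
  if (!sandbox_interned_string_is_missing(path))
    return false;
  log_err(LD_CONFIG, "Sandbox is active, but a new configuration "
          "file \"%s\" has been listed with %%include. Cannot proceed.",
          path);
  return true;
}

/* … in config_get_file_list, before file_status(path) … */
    if (include_path_rejected_by_sandbox(path)) {
      error_found = true;
      break;
    }

/* … in config_process_include, at the top of the SMARTLIST_FOREACH body … */
    if (include_path_rejected_by_sandbox(config_file))
      goto done;
```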
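Review bot: The guard added to prot_opendir, and the same guard in prot_stat and prot_lstat in the next two hunks, creates an undocumented contract with expand_glob in conffile.c, which logs the sandbox error only when tor_glob() returns NULL with `errno == EPERM`. I would extend each wrapper's header comment (above the hunk) with something like `Fail with EPERM when sandbox_interned_string_is_missing() rejects the path; expand_glob() depends on this errno value.` It is also worth confirming in tor_glob, whose body is not shown, that a -1 from the stat callbacks surfaces as an error rather than being treated as a non-matching entry. Otherwise a blocked path would be skipped without the log message.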
@@ -551,6 +559,10 @@ prot_stat(const char *pathname, struct stat *buf) static int prot_lstat(const char *pathname, struct stat *buf) { + if (sandbox_interned_string_is_missing(pathname)) { + errno = EPERM; + return -1; + } return lstat(sandbox_intern_string(pathname), buf); } /** As closedir, but has the right type for gl_closedir */ @@ -563,7 +575,8 @@ wrap_closedir(void *arg) /** Return a new list containing the paths that match the pattern * <b>pattern</b>. Return NULL on error. On POSIX systems, errno is set by the - * glob function. + * glob function or is set to EPERM if glob tried to access a file not allowed + * by the seccomp sandbox. */ struct smartlist_t * tor_glob(const char *pattern) |