diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-11-12 11:55:55 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-11-12 11:55:55 -0500 |
| commit | dbc8d2a4e476c06f59db3ff79b66afc8bc4ea27c (patch) | |
| tree | a121f0acd9193829ba57dbc3075495807f46e3ca /src/lib/fs | |
| parent | e2d3c9c5f82a1369385dd99765c31ba479ba8f23 (diff) | |
| download | tor-dbc8d2a4e476c06f59db3ff79b66afc8bc4ea27c.tar.gz tor-dbc8d2a4e476c06f59db3ff79b66afc8bc4ea27c.zip | |
When handling includes, detect missing interned strings earlier.
There were three separate places where we were hitting a sandbox Bug
warning before we actually exited.
Fixes #40094; bugfix on 0.3.1.1-alpha when %includes were introduced.
Diffstat (limited to 'src/lib/fs')
| -rw-r--r-- | src/lib/fs/conffile.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index f1f6d8ae5f..1f58a3590c 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -19,6 +19,7 @@ #include "lib/fs/path.h" #include "lib/log/log.h" #include "lib/malloc/malloc.h" +#include "lib/sandbox/sandbox.h" #include "lib/string/printf.h" #include <stdbool.h> @@ -59,14 +60,14 @@ config_get_lines_include(const char *string, config_line_t **result, static smartlist_t * expand_glob(const char *pattern, smartlist_t *opened_files) { - smartlist_t *matches = tor_glob(pattern); - if (!matches) { - return NULL; + if (! has_glob(pattern)) { + smartlist_t *matches = smartlist_new(); + smartlist_add_strdup(matches, pattern); + return matches; } - // if it is not a glob, return error when the path is missing - if (!has_glob(pattern) && smartlist_len(matches) == 0) { - smartlist_free(matches); + smartlist_t *matches = tor_glob(pattern); + if (!matches) { return NULL; } @@ -107,6 +108,13 @@ config_get_file_list(const char *pattern, smartlist_t *opened_files) if (opened_files) { smartlist_add_strdup(opened_files, path); } + if (sandbox_interned_string_is_missing(path)) { + log_err(LD_CONFIG, "Sandbox is active, but a new configuration " + "file \"%s\" has been listed with %%include. Cannot proceed.", + path); + error_found = true; + break; + } file_status_t file_type = file_status(path); if (file_type == FN_FILE) { @@ -201,6 +209,13 @@ config_process_include(const char *pattern, int recursion_level, int extended, int rv = -1; SMARTLIST_FOREACH_BEGIN(config_files, const char *, config_file) { + if (sandbox_interned_string_is_missing(config_file)) { + log_err(LD_CONFIG, "Sandbox is active, but a new configuration " + "file \"%s\" has been listed with %%include. Cannot proceed.", + config_file); + goto done; + } + log_notice(LD_CONFIG, "Including configuration file \"%s\".", config_file); config_line_t *included_config = NULL; config_line_t *included_config_last = NULL; |