[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option

Daniel Veillard veillard at redhat.com
Tue Jun 12 04:57:44 BST 2012

  Hi Simon,

in response to the following bug
I made the small patch below checking the tftp root directory.
The only downside I could see would be if using a symlink for
the patch given on the command line as S_ISDIR() will not catch
this, I'm not sure it's worth adding readlink() complexity.
Also I wasn't sure the patch should reindent the full block.

  Any opinions ?


P.S.: thanks for adding a git ! ;-)

    Validate the tftp root directory option
    Add code to validate that the tftp directory given
    actually exists and is a directory. This slightly improves
    security and allows to pinpoint the error immediately at startup

diff --git a/src/option.c b/src/option.c
index d7634bb..9eda4f6 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1915,7 +1915,13 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
     case LOPT_PREFIX: /* --tftp-prefix */
+      {
+      struct stat statbuf;
       comma = split(arg);
+      if ((stat(arg, &statbuf) < 0) || (!(S_ISDIR(statbuf.st_mode))))
+        die(_("cannot access directory %s: %s"), arg, EC_FILE);
       if (comma)
 	  struct tftp_prefix *new = opt_malloc(sizeof(struct tftp_prefix));
@@ -1927,6 +1933,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	daemon->tftp_prefix = opt_string_alloc(arg);
+      }
     case LOPT_TFTPPORTS: /* --tftp-port-range */
       if (!(comma = split(arg)) || 

Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

More information about the Dnsmasq-discuss mailing list