[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option
Daniel Veillard
veillard at redhat.com
Tue Jun 12 04:57:44 BST 2012
Hi Simon,
in response to the following bug
https://bugzilla.redhat.com/show_bug.cgi?id=824214
I made the small patch below checking the tftp root directory.
The only downside I could see would be if using a symlink for
the patch given on the command line as S_ISDIR() will not catch
this, I'm not sure it's worth adding readlink() complexity.
Also I wasn't sure the patch should reindent the full block.
Any opinions ?
Daniel
P.S.: thanks for adding a git ! ;-)
Validate the tftp root directory option
Add code to validate that the tftp directory given
actually exists and is a directory. This slightly improves
security and allows to pinpoint the error immediately at startup
diff --git a/src/option.c b/src/option.c
index d7634bb..9eda4f6 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1915,7 +1915,13 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
break;
case LOPT_PREFIX: /* --tftp-prefix */
+ {
+ struct stat statbuf;
+
comma = split(arg);
+
+ if ((stat(arg, &statbuf) < 0) || (!(S_ISDIR(statbuf.st_mode))))
+ die(_("cannot access directory %s: %s"), arg, EC_FILE);
if (comma)
{
struct tftp_prefix *new = opt_malloc(sizeof(struct tftp_prefix));
@@ -1927,6 +1933,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
else
daemon->tftp_prefix = opt_string_alloc(arg);
break;
+ }
case LOPT_TFTPPORTS: /* --tftp-port-range */
if (!(comma = split(arg)) ||
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the Dnsmasq-discuss
mailing list