From 58e945528491acd5d03800ff01b11710a71e5a9b Mon Sep 17 00:00:00 2001 From: Ossama Othman Date: Sun, 8 Jul 2001 18:30:28 +0000 Subject: Sun Jul 08 11:26:23 2001 Ossama Othman --- ChangeLog | 25 +++++++++++++++++++++++++ ChangeLogs/ChangeLog-02a | 25 +++++++++++++++++++++++++ ChangeLogs/ChangeLog-03a | 25 +++++++++++++++++++++++++ ace/FILE_Connector.cpp | 40 +++++++++++++++++++++++++++++++++------- ace/FILE_Connector.h | 4 ++-- ace/OS.h | 1 + ace/OS.i | 8 ++++++++ ace/config-vxworks5.x.h | 1 + ace/config-win32-common.h | 1 + 9 files changed, 121 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ef32a0b21a8..cba70df3e50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,28 @@ +Sun Jul 08 11:26:23 2001 Ossama Othman + + * ace/OS.h (mkstemp): + * ace/OS.i (mkstemp): + + New mkstemp() wrapper. It is assumed to be available on the + given platform, unless ACE_LACKS_MKSTEMP is defined. + + * ace/FILE_Connector.h: + + Added O_EXCL to the default flags. This is a security hole + fix. + + * ace/FILE_Connector.cpp (connect): + + If mkstemp() is available, then use it to create a temporary + file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is + susceptible to a denial-of-service attack. + + * ace/config-win32-common.h: + * ace/config-vxworks5.x.h: + + mkstemp() is not supported on MS Windows and VxWorks. Define + ACE_LACKS_MKSTEMP in these headers. + Sun Jul 8 08:13:12 2001 Douglas C. Schmidt * ace/Select_Reactor_Base.h: Added a comment explaining what diff --git a/ChangeLogs/ChangeLog-02a b/ChangeLogs/ChangeLog-02a index ef32a0b21a8..cba70df3e50 100644 --- a/ChangeLogs/ChangeLog-02a +++ b/ChangeLogs/ChangeLog-02a 
@@ -1,3 +1,28 @@ +Sun Jul 08 11:26:23 2001 Ossama Othman + + * ace/OS.h (mkstemp): + * ace/OS.i (mkstemp): + + New mkstemp() wrapper. It is assumed to be available on the + given platform, unless ACE_LACKS_MKSTEMP is defined. + + * ace/FILE_Connector.h: + + Added O_EXCL to the default flags. This is a security hole + fix. + + * ace/FILE_Connector.cpp (connect): + + If mkstemp() is available, then use it to create a temporary + file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is + susceptible to a denial-of-service attack. + + * ace/config-win32-common.h: + * ace/config-vxworks5.x.h: + + mkstemp() is not supported on MS Windows and VxWorks. Define + ACE_LACKS_MKSTEMP in these headers. + Sun Jul 8 08:13:12 2001 Douglas C. Schmidt * ace/Select_Reactor_Base.h: Added a comment explaining what diff --git a/ChangeLogs/ChangeLog-03a b/ChangeLogs/ChangeLog-03a index ef32a0b21a8..cba70df3e50 100644 --- a/ChangeLogs/ChangeLog-03a +++ b/ChangeLogs/ChangeLog-03a @@ -1,3 +1,28 @@ +Sun Jul 08 11:26:23 2001 Ossama Othman + + * ace/OS.h (mkstemp): + * ace/OS.i (mkstemp): + + New mkstemp() wrapper. It is assumed to be available on the + given platform, unless ACE_LACKS_MKSTEMP is defined. + + * ace/FILE_Connector.h: + + Added O_EXCL to the default flags. This is a security hole + fix. + + * ace/FILE_Connector.cpp (connect): + + If mkstemp() is available, then use it to create a temporary + file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is + susceptible to a denial-of-service attack. + + * ace/config-win32-common.h: + * ace/config-vxworks5.x.h: + + mkstemp() is not supported on MS Windows and VxWorks. Define + ACE_LACKS_MKSTEMP in these headers. + Sun Jul 8 08:13:12 2001 Douglas C. Schmidt * ace/Select_Reactor_Base.h: Added a comment explaining what diff --git a/ace/FILE_Connector.cpp b/ace/FILE_Connector.cpp index e3b4306f10c..d858fc68c5f 100644 --- a/ace/FILE_Connector.cpp +++ b/ace/FILE_Connector.cpp 
@@ -39,20 +39,46 @@ ACE_FILE_Connector::connect (ACE_FILE_IO &new_io, ACE_TRACE ("ACE_FILE_Connector::connect"); ACE_ASSERT (new_io.get_handle () == ACE_INVALID_HANDLE); + ACE_HANDLE handle = ACE_INVALID_HANDLE; + // Check to see if caller has requested that we create the filename. if (ACE_reinterpret_cast (const ACE_Addr &, ACE_const_cast (ACE_FILE_Addr &, remote_sap)) == ACE_Addr::sap_any) - // Create a new temporary file. - new_io.addr_ = - ACE_FILE_Addr (ACE_sap_any_cast (ACE_FILE_Addr &)); // class copy. + { + // Create a new temporary file. +#ifdef ACE_LACKS_MKSTEMP + new_io.addr_ = + ACE_FILE_Addr (ACE_sap_any_cast (ACE_FILE_Addr &)); // class copy. +#else + // Use ACE_OS::mkstemp() if it is available since it avoids a + // race condition, and subsequently a security hole due to that + // race condition (specifically, a denial-of-service attack). + // + // However, using mkstemp() prevents us from doing a timed open + // since it opens the file for us. Better to avoid the race + // condition. + char filename[] = "ace-file-XXXXXX"; + + handle = ACE_OS::mkstemp (filename); // mkstemp() replaces "XXXXXX" + + if (handle == ACE_INVALID_HANDLE + || new_io.addr_.set (filename) != 0) + return -1; + + new_io.set_handle (handle); + + return 0; +#endif /* ACE_LACKS_MKSTEMP */ + } else new_io.addr_ = remote_sap; // class copy. - ACE_HANDLE handle = ACE_Handle_Ops::handle_timed_open (timeout, - new_io.addr_.get_path_name (), - flags, - perms); + handle = ACE_Handle_Ops::handle_timed_open (timeout, + new_io.addr_.get_path_name (), + flags, + perms); + new_io.set_handle (handle); return handle == ACE_INVALID_HANDLE ? -1 : 0; } diff --git a/ace/FILE_Connector.h b/ace/FILE_Connector.h index 0675b3ff584..6880d2c9a35 100644 --- a/ace/FILE_Connector.h +++ b/ace/FILE_Connector.h 
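Review bot: In the mkstemp() branch of connect(), a failure of `new_io.addr_.set (filename)` returns -1 after mkstemp() has already created and opened the file, so the descriptor is leaked and the file stays on disk. Close the handle and unlink the file on that path before returning, as in the excerpt below. Two smaller points in the same branch: the template `"ace-file-XXXXXX"` is a relative path, so the file is created in the process's current working directory, which may differ from the directory the ACE_FILE_Addr fallback uses (not visible here). The caller's `flags` and `perms` are also silently ignored, which deserves a sentence in the comment next to the existing remark about the timed open. connect()'s signature starts outside the hunk.

```cpp
      handle = ACE_OS::mkstemp (filename); // mkstemp() replaces "XXXXXX"

      if (handle == ACE_INVALID_HANDLE)
        return -1;

      if (new_io.addr_.set (filename) != 0)
        {
          // Do not leak the descriptor or leave the file behind.
          ACE_OS::close (handle);
          ACE_OS::unlink (filename);
          return -1;
        }

      // … unchanged: new_io.set_handle (handle) and return 0 …
```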
@@ -54,7 +54,7 @@ public: ACE_Time_Value *timeout = 0, const ACE_Addr &local_sap = ACE_Addr::sap_any, int reuse_addr = 0, - int flags = O_RDWR | O_CREAT, + int flags = O_RDWR | O_CREAT | O_EXCL, int perms = ACE_DEFAULT_FILE_PERMS); /** @@ -78,7 +78,7 @@ public: ACE_Time_Value *timeout = 0, const ACE_Addr &local_sap = ACE_Addr::sap_any, int reuse_addr = 0, - int flags = O_RDWR | O_CREAT, + int flags = O_RDWR | O_CREAT | O_EXCL, int perms = ACE_DEFAULT_FILE_PERMS); /// Resets any event associations on this handle diff --git a/ace/OS.h b/ace/OS.h index 3c4e1ef94ff..319c8175176 100644 --- a/ace/OS.h +++ b/ace/OS.h @@ -6082,6 +6082,7 @@ public: static int mkfifo (const ACE_TCHAR *file, mode_t mode = ACE_DEFAULT_FILE_PERMS); static ACE_TCHAR *mktemp (ACE_TCHAR *t); + static ACE_HANDLE mkstemp (ACE_TCHAR *t); static ACE_TCHAR *getcwd (ACE_TCHAR *, size_t); static int rename (const ACE_TCHAR *old_name, const ACE_TCHAR *new_name, diff --git a/ace/OS.i b/ace/OS.i index db45cf6e7d9..e8714631442 100644 --- a/ace/OS.i +++ b/ace/OS.i @@ -545,6 +545,14 @@ ACE_OS::mktemp (ACE_TCHAR *s) } #endif /* !ACE_LACKS_MKTEMP */ +#if !defined (ACE_LACKS_MKSTEMP) +ACE_INLINE ACE_HANDLE +ACE_OS::mkstemp (ACE_TCHAR *s) +{ + return ::mkstemp (s); +} +#endif /* !ACE_LACKS_MKSTEMP */ + ACE_INLINE int ACE_OS::mkfifo (const ACE_TCHAR *file, mode_t mode) { diff --git a/ace/config-vxworks5.x.h b/ace/config-vxworks5.x.h index 38956cc8a0f..d9f29d01857 100644 --- a/ace/config-vxworks5.x.h +++ b/ace/config-vxworks5.x.h @@ -126,6 +126,7 @@ #define ACE_LACKS_MEMORY_H #define ACE_LACKS_MKFIFO #define ACE_LACKS_MKTEMP +#define ACE_LACKS_MKSTEMP #define ACE_LACKS_MMAP #define ACE_LACKS_MPROTECT #define ACE_LACKS_MSYNC diff --git a/ace/config-win32-common.h b/ace/config-win32-common.h index 36dde43d5fd..94fbb1edca4 100644 --- a/ace/config-win32-common.h +++ b/ace/config-win32-common.h 
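Review bot: Adding O_EXCL to the default `flags` makes every connect() call that relies on the defaults fail when the named file already exists, not only the temporary-file case the ChangeLog entry describes; the same applies to the second declaration changed at -78,7. Conversely, a caller that passes its own flags gets no protection on the ACE_LACKS_MKSTEMP fallback, where the name still comes from mktemp(). It would be more targeted to leave the default alone and set the flag inside connect() only when the address is `sap_any`, e.g. `flags |= O_CREAT | O_EXCL;` in that branch before the timed open. If the new default is kept, the parameter documentation should state that the call fails when the file already exists. Both declarations start outside their hunks.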
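Review bot: The new `mkstemp` declaration in ace/OS.h is unconditional, while the definition added in ace/OS.i is compiled only when ACE_LACKS_MKSTEMP is not defined, so on the Windows and VxWorks configurations a call compiles and then fails at link time unless another definition exists outside this patch. Either guard the declaration with `#if !defined (ACE_LACKS_MKSTEMP)` or provide a fallback definition that fails with a not-supported error. A doc comment such as `/// Creates and opens a unique file from the template @a t (modified in place); returns ACE_INVALID_HANDLE on failure.` would also tell callers that the buffer must be writable.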
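Review bot: `ACE_OS::mkstemp` in ace/OS.i takes an `ACE_TCHAR *` but forwards it unchanged to `::mkstemp`, which takes a `char *`, so this presumably does not compile in a build where ACE_TCHAR is a wide character type. The caller added in ace/FILE_Connector.cpp has the mirror problem, passing a `char filename[]` to the `ACE_TCHAR *` parameter. Either declare the wrapper on `char *`, or convert the template before and after the call and declare the caller's buffer as `ACE_TCHAR` with an `ACE_TEXT` literal.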
@@ -511,6 +511,7 @@ typedef unsigned long long ACE_UINT64; #define ACE_SIZEOF_WCHAR 2 #define ACE_HAS_MUTEX_TIMEOUTS #define ACE_LACKS_STRUCT_DIR +#define ACE_LACKS_MKSTEMP #include "ace/post.h" #endif /* ACE_CONFIG_WIN32_COMMON_H */ -- cgit v1.2.1