diff options
Diffstat (limited to 'daemon.c')
-rw-r--r-- | daemon.c | 80 |
1 files changed, 23 insertions, 57 deletions
@@ -77,6 +77,7 @@ static void logreport(int priority, const char *err, va_list params) } } +__attribute__((format (printf, 1, 2))) static void logerror(const char *err, ...) { va_list params; @@ -85,6 +86,7 @@ static void logerror(const char *err, ...) va_end(params); } +__attribute__((format (printf, 1, 2))) static void loginfo(const char *err, ...) { va_list params; @@ -101,53 +103,6 @@ static void NORETURN daemon_die(const char *err, va_list params) exit(1); } -static int avoid_alias(char *p) -{ - int sl, ndot; - - /* - * This resurrects the belts and suspenders paranoia check by HPA - * done in <435560F7.4080006@zytor.com> thread, now enter_repo() - * does not do getcwd() based path canonicalizations. - * - * sl becomes true immediately after seeing '/' and continues to - * be true as long as dots continue after that without intervening - * non-dot character. - */ - if (!p || (*p != '/' && *p != '~')) - return -1; - sl = 1; ndot = 0; - p++; - - while (1) { - char ch = *p++; - if (sl) { - if (ch == '.') - ndot++; - else if (ch == '/') { - if (ndot < 3) - /* reject //, /./ and /../ */ - return -1; - ndot = 0; - } - else if (ch == 0) { - if (0 < ndot && ndot < 3) - /* reject /.$ and /..$ */ - return -1; - return 0; - } - else - sl = ndot = 0; - } - else if (ch == 0) - return 0; - else if (ch == '/') { - sl = 1; - ndot = 0; - } - } -} - static char *path_ok(char *directory) { static char rpath[PATH_MAX]; @@ -157,7 +112,7 @@ static char *path_ok(char *directory) dir = directory; - if (avoid_alias(dir)) { + if (daemon_avoid_alias(dir)) { logerror("'%s': aliased", dir); return NULL; } @@ -192,7 +147,6 @@ static char *path_ok(char *directory) { "IP", ip_address }, { "P", tcp_port }, { "D", directory }, - { "%", "%" }, { NULL } }; @@ -633,6 +587,24 @@ static int execute(struct sockaddr *addr) return -1; } +static int addrcmp(const struct sockaddr_storage *s1, + const struct sockaddr_storage *s2) +{ + if (s1->ss_family != s2->ss_family) + return s1->ss_family - s2->ss_family; + if (s1->ss_family == AF_INET) + return memcmp(&((struct sockaddr_in *)s1)->sin_addr, + &((struct sockaddr_in *)s2)->sin_addr, + sizeof(struct in_addr)); +#ifndef NO_IPV6 + if (s1->ss_family == AF_INET6) + return memcmp(&((struct sockaddr_in6 *)s1)->sin6_addr, + &((struct sockaddr_in6 *)s2)->sin6_addr, + sizeof(struct in6_addr)); +#endif + return 0; +} + static int max_connections = 32; static unsigned int live_children; @@ -647,17 +619,12 @@ static void add_child(pid_t pid, struct sockaddr *addr, int addrlen) { struct child *newborn, **cradle; - /* - * This must be xcalloc() -- we'll compare the whole sockaddr_storage - * but individual address may be shorter. - */ newborn = xcalloc(1, sizeof(*newborn)); live_children++; newborn->pid = pid; memcpy(&newborn->address, addr, addrlen); for (cradle = &firstborn; *cradle; cradle = &(*cradle)->next) - if (!memcmp(&(*cradle)->address, &newborn->address, - sizeof(newborn->address))) + if (!addrcmp(&(*cradle)->address, &newborn->address)) break; newborn->next = *cradle; *cradle = newborn; @@ -690,8 +657,7 @@ static void kill_some_child(void) return; for (; (next = blanket->next); blanket = next) - if (!memcmp(&blanket->address, &next->address, - sizeof(next->address))) { + if (!addrcmp(&blanket->address, &next->address)) { kill(blanket->pid, SIGTERM); break; } |