Changeset 347 for trunk/src

Timestamp:

Jun 7, 2011, 9:41:30 PM (13 years ago)

Author:

katerina

Message:

Fix for ticket #255 (improve protection against 'intruder on server' scenario).

Location:

trunk/src

Files:

• sh_getopt.c (modified) (1 diff)
• sh_gpg.c (modified) (1 diff)
• sh_hash.c (modified) (3 diffs)
• sh_readconf.c (modified) (9 diffs)

trunk/src/sh_getopt.c

@@ -439 +439 @@
   printf (_("   -- Key fingerprint: %s"), SH_GPG_FP); ++num;
 #endif
+#endif
+
+#if defined(SH_SHELL_EVAL)
+  if (num > 0) fputc ('\n', stdout);
+  fputs (_(" shell expansion in configuration file supported"), stdout); ++num;
 #endif
 

trunk/src/sh_gpg.c

@@ -1202 +1202 @@
 }  
 
+#define FGETS_BUF 16384
+
+SL_TICKET sh_gpg_extract_signed(SL_TICKET fd)
+{
+  FILE * fin_cp = NULL;
+  char * buf    = NULL;
+  int    bufc;
+  int    flag_pgp    = S_FALSE;
+  int    flag_nohead = S_FALSE;
+  SL_TICKET fdTmp = (-1);
+  SL_TICKET open_tmp (void);
+
+  /* extract the data and copy to temporary file
+   */
+  fdTmp = open_tmp();
+
+  fin_cp = fdopen(dup(get_the_fd(fd)), "rb");
+  buf = SH_ALLOC(FGETS_BUF);
+
+  while (NULL != fgets(buf, FGETS_BUF, fin_cp))
+    {
+      bufc = 0; 
+      while (bufc < FGETS_BUF) { 
+        if (buf[bufc] == '\n') { ++bufc; break; }
+        ++bufc;
+      }
+
+      if (flag_pgp == S_FALSE &&
+          (0 == sl_strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))||
+           0 == sl_strcmp(buf, _("-----BEGIN PGP MESSAGE-----\n")))
+          )
+        {
+          flag_pgp = S_TRUE;
+          sl_write(fdTmp, buf, bufc);
+          continue;
+        }
+      
+      if (flag_pgp == S_TRUE && flag_nohead == S_FALSE)
+        {
+          if (buf[0] == '\n')
+            {
+              flag_nohead = S_TRUE;
+              sl_write(fdTmp, buf, 1);
+              continue;
+            }
+          else if (0 == sl_strncmp(buf, _("Hash:"), 5) ||
+                   0 == sl_strncmp(buf, _("NotDashEscaped:"), 15))
+            {
+              sl_write(fdTmp, buf, bufc);
+              continue;
+            }
+          else
+            continue;
+        }
+    
+      if (flag_pgp == S_TRUE && buf[0] == '\n')
+        {
+          sl_write(fdTmp, buf, 1);
+        }
+      else if (flag_pgp == S_TRUE)
+        {
+          /* sl_write_line(fdTmp, buf, bufc); */
+          sl_write(fdTmp, buf, bufc);
+        }
+      
+      if (flag_pgp == S_TRUE && 
+          0 == sl_strcmp(buf, _("-----END PGP SIGNATURE-----\n")))
+        break;
+    }
+  SH_FREE(buf);
+  sl_fclose(FIL__, __LINE__, fin_cp); /* fin_cp = fdopen(dup(), "rb"); */
+  sl_rewind (fdTmp);
+
+  return fdTmp;
+}
+
 /* #ifdef WITH_GPG */
 #endif

trunk/src/sh_hash.c

@@ -1295 +1295 @@
 #if defined(WITH_GPG) || defined(WITH_PGP)
   extern int get_the_fd (SL_TICKET ticket);
-  FILE *   fin_cp = NULL;
-
-  char * buf  = NULL;
-  int    bufc;
+
   int    flag_pgp;
   int    flag_nohead;
   SL_TICKET fdTmp = (-1);
-  SL_TICKET open_tmp (void);
 #endif
   char hashbuf[KEYBUF_SIZE];
@@ -1405 +1401 @@
 
 #if defined(WITH_GPG) || defined(WITH_PGP)
-  /* new 1.4.8: also checked for server data */
 
   /* extract the data and copy to temporary file
    */
-  fdTmp = open_tmp();
-
-  fin_cp = fdopen(dup(get_the_fd(fd)), "rb");
-  buf = SH_ALLOC(FGETS_BUF);
-
-  while (NULL != fgets(buf, FGETS_BUF, fin_cp))
-    {
-      bufc = 0; 
-      while (bufc < FGETS_BUF) { 
-        if (buf[bufc] == '\n') { ++bufc; break; }
-        ++bufc;
-      }
-
-      if (sig_termfast == 1)  /* SIGTERM */
-        {
-          TPT((0, FIL__, __LINE__, _("msg=<Terminate.>\n")));
-          --sig_raised; --sig_urgent;
-          retval = 1; exitval = EXIT_SUCCESS;
-          goto unlock_and_return;
-        }
-
-      if (flag_pgp == S_FALSE &&
-          (0 == sl_strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))||
-           0 == sl_strcmp(buf, _("-----BEGIN PGP MESSAGE-----\n")))
-          )
-        {
-          flag_pgp = S_TRUE;
-          sl_write(fdTmp, buf, bufc);
-          continue;
-        }
-      
-      if (flag_pgp == S_TRUE && flag_nohead == S_FALSE)
-        {
-          if (buf[0] == '\n')
-            {
-              flag_nohead = S_TRUE;
-              sl_write(fdTmp, buf, 1);
-              continue;
-            }
-          else if (0 == sl_strncmp(buf, _("Hash:"), 5) ||
-                   0 == sl_strncmp(buf, _("NotDashEscaped:"), 15))
-            {
-              sl_write(fdTmp, buf, bufc);
-              continue;
-            }
-          else
-            continue;
-        }
-    
-      if (flag_pgp == S_TRUE && buf[0] == '\n')
-        {
-          sl_write(fdTmp, buf, 1);
-        }
-      else if (flag_pgp == S_TRUE)
-        {
-          /* sl_write_line(fdTmp, buf, bufc); */
-          sl_write(fdTmp, buf, bufc);
-        }
-      
-      if (flag_pgp == S_TRUE && 
-          0 == sl_strcmp(buf, _("-----END PGP SIGNATURE-----\n")))
-        break;
-    }
-  SH_FREE(buf);
+  fdTmp = sh_gpg_extract_signed(fd);
+
+  if (sig_termfast == 1)  /* SIGTERM */
+    {
+      TPT((0, FIL__, __LINE__, _("msg=<Terminate.>\n")));
+      --sig_raised; --sig_urgent;
+      retval = 1; exitval = EXIT_SUCCESS;
+      goto unlock_and_return;
+    }
+
   sl_close(fd);
-  sl_fclose(FIL__, __LINE__, fin_cp); /* fin_cp = fdopen(dup(), "rb"); */
-
   fd = fdTmp;
-  sl_rewind (fd);
 
   /* Validate signature of open file.
@@ -1488 +1426 @@
   sl_rewind (fd);
 #endif
-  /* } new 1.4.8 check sig also for files downloaded from server */
 
   line = SH_ALLOC(MAX_PATH_STORE+2);

trunk/src/sh_readconf.c

@@ -136 +136 @@
 static char * sh_readconf_expand_value (const char * str)
 {
+#ifdef SH_EVAL_SHELL
   char * tmp = (char*)str;
   char * out;
@@ -152 +153 @@
         }
     }
+#endif
   return sh_util_strdup(str);
 }
@@ -161 +163 @@
   SH_RC_FILE       = 3,
   SH_RC_IFACE      = 4,
+#ifdef SH_EVAL_SHELL
   SH_RC_CMD        = 5
+#endif
 };
 
@@ -218 +222 @@
           p += 15; cond_type = SH_RC_SYSTEM;
         }
+#ifdef SH_EVAL_SHELL
       else if (0 == strncasecmp(p, _("command_succeeds "), 17))
         {
           p += 17; cond_type = SH_RC_CMD;
         }
+#endif
       else
         {
@@ -271 +277 @@
         match = negate;
       break;
+#ifdef SH_EVAL_SHELL
     case SH_RC_CMD:
       if (0 == sh_unix_run_command(p))
         match = negate;
       break;
+#endif
     default:
       match = 0;
@@ -337 +345 @@
 #if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
   SL_TICKET    fdTmp = -1;
-  SL_TICKET open_tmp (void);
+#endif
+#if defined(WITH_GPG) || defined(WITH_PGP)
+  SL_TICKET    fdGpg = -1;
 #endif
   char * tmp;
@@ -464 +474 @@
   sl_close(fd);
   fd = fdTmp;
+  sl_rewind (fd);
+#endif
+
+#if defined(WITH_GPG) || defined(WITH_PGP)
+
+  /* extract the data and copy to temporary file
+   */
+  fdGpg = sh_gpg_extract_signed(fd);
+
+  sl_close(fd);
+  fd = fdGpg;
+
+  /* Validate signature of open file.
+   */
+  if (0 != sh_gpg_check_sign (fd, 0, 1))
+    {
+      SH_FREE(line_in);
+      aud_exit (FIL__, __LINE__, EXIT_FAILURE);
+    }
   sl_rewind (fd);
 #endif
@@ -664 +693 @@
                      (long) conf_line);
 
-#if defined(WITH_GPG) || defined(WITH_PGP)
-  /* Validate signature of open file.
-   */
-  sl_rewind (fd);
-  if (0 != sh_gpg_check_sign (fd, 0, 1))
-    {
-      SH_FREE(line_in);
-      aud_exit (FIL__, __LINE__, EXIT_FAILURE);
-    }
-#endif
-
   sl_close (fd);
 
@@ -1358 +1376 @@
 
   /* Expand shell expressions. This return allocated memory which we must free.
+   * If !defined(SH_EVAL_SHELL), this will reduce to a strdup.
    */
   value = sh_readconf_expand_value(value);