Changeset 452

Timestamp:

Jun 26, 2014, 8:01:54 PM (10 years ago)

Author:

katerina

Message:

Fix for ticket #353 (multiple exclusions for SUID check).

Location:

trunk

Files:

• Makefile.in (modified) (1 diff)
• depend.dep (modified) (1 diff)
• depend.sum (modified) (1 diff)
• include/zAVLTree.h (modified) (1 diff)
• src/cutest_zAVLTree.c (modified) (2 diffs)
• src/sh_suidchk.c (modified) (8 diffs)
• src/zAVLTree.c (modified) (3 diffs)

trunk/Makefile.in

@@ -1743 +1743 @@
 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h 
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
-sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
+sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h $(srcinc)/zAVLTree.h 
 sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 

trunk/depend.dep

@@ -21 +21 @@
 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h 
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
-sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
+sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h $(srcinc)/zAVLTree.h 
 sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 

trunk/depend.sum

@@ -1 @@
-3861086825
+3192621362

trunk/include/zAVLTree.h

@@ -74 +74 @@
 extern void *zAVLNext (zAVLCursor *avlcursor);
 
+extern char * zAVL_string_get (zAVLTree * tree, char * key);
+/* uses strdup to insert a copy */
+extern int zAVL_string_set (zAVLTree ** tree, const char * key); 
+extern void zAVL_string_reset (zAVLTree * tree);
+
 #endif

trunk/src/cutest_zAVLTree.c

@@ -37 +37 @@
   int result;
   int counter = 0;
+
+  char * str;
 
   struct ztest z1 = { "abc"  , 1 };
@@ -483 +485 @@
   CuAssertTrue (tc, iz8.iname == 0);
 
+  ztest_tree = NULL;
+  str = strdup("foo");
+  result = zAVL_string_set(&ztest_tree, str);
+  CuAssertTrue(tc, 0 == result);
+  CuAssertPtrNotNull(tc, ztest_tree);
+  CuAssertStrEquals(tc, "foo", zAVL_string_get(ztest_tree, "foo")); 
+
+  str = strdup("bar");
+  result = zAVL_string_set(&ztest_tree, str);
+  CuAssertTrue(tc, 0 == result);
+  CuAssertStrEquals(tc, "foo", zAVL_string_get(ztest_tree, "foo")); 
+  CuAssertStrEquals(tc, "bar", zAVL_string_get(ztest_tree, "bar")); 
+
+  str = strdup("balloon");
+  result = zAVL_string_set(&ztest_tree, str);
+  CuAssertTrue(tc, 0 == result);
+  CuAssertStrEquals(tc, "foo", zAVL_string_get(ztest_tree, "foo")); 
+  CuAssertStrEquals(tc, "bar", zAVL_string_get(ztest_tree, "bar")); 
+  CuAssertStrEquals(tc, "balloon", zAVL_string_get(ztest_tree, "balloon")); 
+
+  str = zAVL_string_get(ztest_tree, "foobar");
+  CuAssertTrue(tc, str == NULL);
+  str = zAVL_string_get(ztest_tree, "");
+  CuAssertTrue(tc, str == NULL);
+  str = zAVL_string_get(ztest_tree, NULL);
+  CuAssertTrue(tc, str == NULL);
+
+  zAVL_string_reset(ztest_tree);
+  str = zAVL_string_get(ztest_tree, "foo");
+  CuAssertTrue(tc, str == NULL);
+  str = zAVL_string_get(ztest_tree, "bar");
+  CuAssertTrue(tc, str == NULL);
+  str = zAVL_string_get(ztest_tree, "balloon");
+  CuAssertTrue(tc, str == NULL);
 
 }

trunk/src/sh_suidchk.c

@@ -82 +82 @@
 #include "sh_schedule.h"
 #include "sh_calls.h"
+#include "zAVLTree.h"
 
 
@@ -146 +147 @@
 static int     ShSuidchkQDelete  = S_FALSE;
 static int     ShSuidchkSeverity = SH_ERR_SEVERE;
-static char *  ShSuidchkExclude  = NULL;
-static size_t  ExcludeLen        = 0;
 
 static time_t  FileLimNow        = 0;
@@ -155 +154 @@
 
 static sh_schedule_t * ShSuidchkSched = NULL;
+
+
+static zAVLTree *  ShSuidchkExclude  = NULL;
+static void sh_suid_exclude_free()
+{
+  zAVL_string_reset(ShSuidchkExclude);
+  ShSuidchkExclude  = NULL;
+  return;
+}
+static int sh_suid_exclude_add(const char * str)
+{
+  size_t len;
+  int    ret;
+  char * key = sh_util_strdup(str);
+
+  len = sl_strlen (key);
+  if (len && key[len-1] == '/')
+    {
+      key[len-1] = '\0';
+    }
+  ret = zAVL_string_set(&ShSuidchkExclude, key);
+  SH_FREE(key);
+  return ret;
+}
+
 
 static char *
@@ -179 +203 @@
   ShSuidchkSeverity = SH_ERR_SEVERE;
   if (ShSuidchkExclude != NULL)
-    SH_FREE(ShSuidchkExclude);
-  ShSuidchkExclude  = NULL;
-  ExcludeLen        = 0;
+    sh_suid_exclude_free(ShSuidchkExclude);
 
   FileLimNow        = 0;
@@ -1136 +1158 @@
         if (tlen >= 6 && 0 == strcmp(&tmp[tlen-6], _("/.gvfs")))
           elevel = SH_ERR_NOTICE;
+        else if (tlen >= 5 && 0 == strcmp(&((mnt->mnt_dir)[tlen-5]), _("/gvfs")))
+          elevel = SH_ERR_NOTICE;
 
         /* If we are scanning a temporary directory where dirs and files
@@ -1156 +1180 @@
         if (/*@-usedef@*/S_ISDIR(buf.st_mode)/*@+usedef@*/ &&
             (ShSuidchkExclude == NULL || 
-             0 != strcmp(tmpcat, ShSuidchkExclude)))
+             NULL == zAVL_string_get(ShSuidchkExclude, tmpcat)))
           {
             /* fs is a STATIC string or NULL
@@ -1529 +1553 @@
 int sh_suidchk_set_exclude (const char * c)
 {
+  int ret = 0;
   SL_ENTER(_("sh_suidchk_set_exclude"));
 
@@ -1539 +1564 @@
     {
       if (ShSuidchkExclude != NULL)
-        SH_FREE(ShSuidchkExclude);
-      ShSuidchkExclude = NULL;
+        sh_suid_exclude_free();
       SL_RETURN(0, _("sh_suidchk_set_exclude"));
     }
 
-  if (ShSuidchkExclude != NULL)
-    SH_FREE(ShSuidchkExclude);
-
-  ShSuidchkExclude = sh_util_strdup (c);
-  ExcludeLen       = sl_strlen (ShSuidchkExclude);
-  if (ShSuidchkExclude && ShSuidchkExclude[ExcludeLen-1] == '/')
-    {
-      ShSuidchkExclude[ExcludeLen-1] = '\0';
-      ExcludeLen--;
-    }
-  SL_RETURN(0, _("sh_suidchk_set_exclude"));
+  ret = sh_suid_exclude_add(c);
+
+  SL_RETURN(ret, _("sh_suidchk_set_exclude"));
 }
 

trunk/src/zAVLTree.c

@@ -33 +33 @@
 #include "zAVLTree.h"
 
+/* Interface for handling "string only" items rw 2014-06-26
+ */
+static zAVLKey zstring_key (void const * arg)
+{
+  return (zAVLKey) arg;
+}
+static void zfree_string (void * inptr)
+{
+  char * str = (char *) inptr;
+  str[0] = '\0';
+  free (str);
+  return;
+}
+void zAVL_string_reset (zAVLTree * tree)
+{
+  if (tree)
+    zAVLFreeTree (tree, zfree_string);
+  return;
+}
+int zAVL_string_set (zAVLTree ** tree, const char * key)
+{
+  if (tree && key)
+    {
+      zAVLTree * itree = (*tree);
+      if (!itree)
+        {
+          itree = zAVLAllocTree (zstring_key, zAVL_KEY_STRING);
+          if (!itree) 
+            {
+              return -1;
+            }
+        }
+      *tree = itree;
+      return zAVLInsert (itree, strdup(key));
+    }
+  return -1;
+}
+char * zAVL_string_get (zAVLTree * tree, char * key)
+{
+  /* zAVLSearch() checks for NULL tree 
+   */
+  if (key)
+    {
+      return ((char *) zAVLSearch (tree, key));
+    }
+  return NULL;
+}
+
+
 /* Wed Nov 23 17:57:42 CET 2005 rw: introduce third argument in
  * zAVLCloseSearchNode() to avoid redundant strcmp
@@ -86 +135 @@
   zAVLTree *rc;
 
-  rc = malloc(sizeof(zAVLTree));
+  rc = calloc(1, sizeof(zAVLTree));
   if (rc == NULL)
     return NULL;
@@ -130 +179 @@
   int       ok;
 
-  newnode = malloc(sizeof(zAVLNode));
+  newnode = calloc(1, sizeof(zAVLNode));
   if (newnode == NULL)
     return -1;