From 801a7cdb39dd0c618543f41eba912c7f1cb344e5 Mon Sep 17 00:00:00 2001
From: fedir
Date: Tue, 6 May 2025 12:17:50 +0200
Subject: [PATCH] Added temp permission globbing
---
 src/temp_permissions_table.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/temp_permissions_table.c b/src/temp_permissions_table.c
index efe894c..8fe4966 100644
--- a/src/temp_permissions_table.c
+++ b/src/temp_permissions_table.c
@@ -12,7 +12,9 @@
 #include "proc_operations.h"
 #include "process_info.h"
 #include
+#include
 #include
+#include
 #include
 struct temp_process_permissions {
@@ -127,14 +129,23 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
 if (process_creation_time == permission_entry->creation_time) {
 // the process is the same as the one that was granted temporary access
 // to the file
+ size_t filename_len = strlen(filename);
 for_each(&permission_entry->denied_files, denied_file) {
- if (strncmp(*denied_file, filename, strlen(filename)) == 0) {
+ size_t denied_file_len = strlen(*denied_file);
+ if (strncmp(*denied_file, filename, denied_file_len) == 0 &&
+ ((denied_file_len < filename_len &&
+ (*denied_file)[denied_file_len - 1] == '/') ||
+ (denied_file_len == filename_len))) {
 pthread_mutex_unlock(&temp_permissions_table_lock);
 return DENY;
 }
 }
 for_each(&permission_entry->allowed_files, allowed_file) {
- if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
+ size_t allowed_file_len = strlen(*allowed_file);
+ if (strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
+ ((allowed_file_len < filename_len &&
+ (*allowed_file)[allowed_file_len - 1] == '/') ||
+ (allowed_file_len == filename_len))) {
 pthread_mutex_unlock(&temp_permissions_table_lock);
 return ALLOW;
 }
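Review bot: In both loops of check_temp_access_noparent the index `denied_file_len - 1` (and `allowed_file_len - 1`) wraps to SIZE_MAX when a stored entry is the empty string, because `strncmp` with a length of 0 returns 0 and `0 < filename_len` holds, so the trailing-slash test reads far outside the string; whether an empty entry can reach the table is not visible in this hunk, so the match should reject a zero length itself. The two five-line conditions differ only in their variable names and would be better as one static helper that both loops call, as sketched below. The comparison is purely textual, so it is only sound if `filename` and the stored entries are already canonical; the hunk does not show that `..` components or doubled slashes are removed before this point, which is worth confirming and recording in a comment. The function begins and ends outside the hunk.

```c
/* Nonzero when `entry` equals `path`, or ends in '/' and is a prefix of it.
 * Purely textual: both strings must already be in canonical form. */
static int temp_entry_matches(const char *entry, const char *path,
                              size_t path_len) {
  size_t entry_len = strlen(entry);
  if (entry_len == 0 || entry_len > path_len ||
      strncmp(entry, path, entry_len) != 0) {
    return 0;
  }
  return entry_len == path_len || entry[entry_len - 1] == '/';
}

// … unchanged: creation-time check, filename_len …
    for_each(&permission_entry->denied_files, denied_file) {
      if (temp_entry_matches(*denied_file, filename, filename_len)) {
        // … unchanged: unlock, return DENY …
    for_each(&permission_entry->allowed_files, allowed_file) {
      if (temp_entry_matches(*allowed_file, filename, filename_len)) {
        // … unchanged: unlock, return ALLOW …
```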