fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:b550c93884af68a2ac9c5c7aa4e3226e614dccd7
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough
..
compare: fedir:56165c0b76446353da4531e66823b3fb74f79de3
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough

No commits in common. "b550c93884af68a2ac9c5c7aa4e3226e614dccd7" and "56165c0b76446353da4531e66823b3fb74f79de3" have entirely different histories.
b550c93884 ... 56165c0b76

2 changed files with 17 additions and 27 deletions
Show Stats Expand all files Collapse all files

12
src/perm_permissions_table.c
View File

@ -212,20 +212,14 @@ access_t check_perm_access_noparent(const char *filename,
access_t ret = NDEF;
sqlite3_stmt *stmt = NULL;
const char *sql =
"SELECT mode FROM permissions WHERE executable = ?1 "
const char *sql = "SELECT mode FROM permissions WHERE executable = ?1 "
"AND (( ?2 LIKE CONCAT(filename, \'%\') AND filename "
"GLOB \'*/\') OR filename = ?2 ) ORDER BY LENGTH( filename ) DESC;";
"GLOB \'*/\') OR filename = ?2 );";
sqlite3_prepare_v2(perm_database, sql, -1, &stmt, NULL);
sqlite3_bind_text(stmt, 1, pi.name, -1, SQLITE_STATIC);
sqlite3_bind_text(stmt, 2, filename, -1, SQLITE_STATIC);
int step_ret = sqlite3_step(stmt);
if (step_ret != SQLITE_ROW && step_ret != SQLITE_DONE) {
fprintf(stderr, "SQLite error: %s\n", sqlite3_errstr(step_ret));
sqlite3_finalize(stmt);
return ret;
}
if (step_ret == SQLITE_ROW) {
int mode_col = sqlite3_column_int(stmt, 0);
if (mode_col) {
@ -233,6 +227,8 @@ access_t check_perm_access_noparent(const char *filename,
} else {
ret = DENY;
}
} else {
fprintf(stderr, "SQLite error: %s\n", sqlite3_errstr(step_ret));
}
sqlite3_finalize(stmt);

24
src/temp_permissions_table.c
View File

@ -192,32 +192,26 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
// the process is the same as the one that was granted temporary access
// to the file
size_t filename_len = strlen(filename);
access_t ret = NDEF;
size_t maxlen = 0;
for_each(&permission_entry->denied_files, denied_file) {
size_t denied_file_len = strlen(*denied_file);
if ((strncmp(*denied_file, filename, denied_file_len) == 0 &&
if (strncmp(*denied_file, filename, denied_file_len) == 0 &&
((denied_file_len < filename_len &&
(*denied_file)[denied_file_len - 1] == '/') ||
(denied_file_len == filename_len))) &&
denied_file_len > maxlen) {
maxlen = denied_file_len;
ret = DENY;
(denied_file_len == filename_len))) {
pthread_rwlock_unlock(&temp_permissions_table_lock);
return DENY;
}
}
for_each(&permission_entry->allowed_files, allowed_file) {
size_t allowed_file_len = strlen(*allowed_file);
if ((strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
if (strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
((allowed_file_len < filename_len &&
(*allowed_file)[allowed_file_len - 1] == '/') ||
(allowed_file_len == filename_len))) &&
allowed_file > maxlen) {
maxlen = allowed_file_len;
ret = ALLOW;
}
}
(allowed_file_len == filename_len))) {
pthread_rwlock_unlock(&temp_permissions_table_lock);
return ret;
return ALLOW;
}
}
}
}
pthread_rwlock_unlock(&temp_permissions_table_lock);