rpms / fapolicyd

Clone
Source Code
GIT

Blame SOURCES/fapolicyd-fix-escaping.patch

c8 c8-beta c8s c9 c9-beta
  1.   7aaf184b257ee29de6d638d7d4d16c4ce81eddc6
  2.   SOURCES
  3.   fapolicyd-fix-escaping.patch
Blob History Raw
7aaf18 
diff --color -ru a/init/fapolicyd.trust b/init/fapolicyd.trust
7aaf18 
--- a/init/fapolicyd.trust	2021-11-12 20:21:54.000000000 +0100
7aaf18 
+++ b/init/fapolicyd.trust	2021-12-08 13:25:43.441187113 +0100
7aaf18 
@@ -1,3 +1,4 @@
7aaf18 
+# AUTOGENERATED FILE VERSION 2
7aaf18 
 # This file contains a list of trusted files
7aaf18 
 #
7aaf18 
 #  FULL PATH        SIZE                             SHA256
7aaf18 
diff --color -ru a/src/cli/file-cli.c b/src/cli/file-cli.c
7aaf18 
--- a/src/cli/file-cli.c	2021-11-12 20:21:54.000000000 +0100
7aaf18 
+++ b/src/cli/file-cli.c	2021-12-08 13:25:43.441187113 +0100
7aaf18 
@@ -89,9 +89,6 @@
7aaf18 
 	return 0;
7aaf18 
 }
7aaf18
7aaf18 
-
7aaf18 
-
7aaf18 
-
7aaf18 
 int file_append(const char *path, const char *fname)
7aaf18 
 {
7aaf18 
 	set_message_mode(MSG_STDERR, DBG_NO);
7aaf18 
@@ -110,11 +107,14 @@
7aaf18
7aaf18 
 	char *dest = fname ? fapolicyd_strcat(TRUST_DIR_PATH, fname) :
7aaf18 
 							TRUST_FILE_PATH;
7aaf18 
+
7aaf18 
 	int rc = trust_file_append(dest, &add_list);
7aaf18
7aaf18 
+	list_empty(&add_list);
7aaf18 
+
7aaf18 
 	if (fname)
7aaf18 
 		free(dest);
7aaf18 
-	list_empty(&add_list);
7aaf18 
+
7aaf18 
 	return rc ? -1 : 0;
7aaf18 
 }
7aaf18
7aaf18 
diff --color -ru a/src/library/trust-file.c b/src/library/trust-file.c
7aaf18 
--- a/src/library/trust-file.c	2021-11-12 20:21:54.000000000 +0100
7aaf18 
+++ b/src/library/trust-file.c	2021-12-08 15:42:15.787206923 +0100
7aaf18 
@@ -51,6 +51,7 @@
7aaf18 
 #define FTW_NOPENFD 1024
7aaf18 
 #define FTW_FLAGS (FTW_ACTIONRETVAL | FTW_PHYS)
7aaf18
7aaf18 
+#define HEADER0 "# AUTOGENERATED FILE VERSION 2\n"
7aaf18 
 #define HEADER1 "# This file contains a list of trusted files\n"
7aaf18 
 #define HEADER2 "#\n"
7aaf18 
 #define HEADER3 "#  FULL PATH        SIZE                             SHA256\n"
7aaf18 
@@ -137,12 +138,19 @@
7aaf18 
 		return 1;
7aaf18 
 	}
7aaf18
7aaf18 
-	size_t hlen = strlen(HEADER1);
7aaf18 
+	size_t hlen;
7aaf18 
+	hlen = strlen(HEADER0);
7aaf18 
+	fwrite(HEADER0, hlen, 1, f);
7aaf18 
+
7aaf18 
+	hlen = strlen(HEADER1);
7aaf18 
 	fwrite(HEADER1, hlen, 1, f);
7aaf18 
+
7aaf18 
 	hlen = strlen(HEADER2);
7aaf18 
 	fwrite(HEADER2, hlen, 1, f);
7aaf18 
+
7aaf18 
 	hlen = strlen(HEADER3);
7aaf18 
 	fwrite(HEADER3, hlen, 1, f);
7aaf18 
+
7aaf18 
 	hlen = strlen(HEADER4);
7aaf18 
 	fwrite(HEADER4, hlen, 1, f);
7aaf18
7aaf18 
@@ -163,50 +171,49 @@
7aaf18 
 	return 0;
7aaf18 
 }
7aaf18
7aaf18 
-
7aaf18 
-
7aaf18 
-int trust_file_append(const char *fpath, const list_t *list) {
7aaf18 
-	int fd = open(fpath, O_CREAT | O_WRONLY | O_APPEND, 0600);
7aaf18 
-	if (fd == -1) {
7aaf18 
-		msg(LOG_ERR, "Cannot open %s", fpath);
7aaf18 
+int trust_file_append(const char *fpath, list_t *list)
7aaf18 
+{
7aaf18 
+	list_t content;
7aaf18 
+	list_init(&content);
7aaf18 
+	int rc = trust_file_load(fpath, &content);
7aaf18 
+	if (rc)
7aaf18 
 		return 1;
7aaf18 
-	}
7aaf18
7aaf18 
 	for (list_item_t *lptr = list->first; lptr; lptr = lptr->next) {
7aaf18 
-		int count = 1;
7aaf18 
-		char *line = make_path_string(lptr->index, &count);
7aaf18 
-		if (!line)
7aaf18 
-			continue;
7aaf18 
-
7aaf18 
-		if (write(fd, line, count) == -1) {
7aaf18 
-			msg(LOG_ERR, "failed writing to %s\n", fpath);
7aaf18 
-			free(line);
7aaf18 
-			close(fd);
7aaf18 
-			return 2;
7aaf18 
-		}
7aaf18 
-		free(line);
7aaf18 
+		int i = 0;
7aaf18 
+		lptr->data = make_path_string(lptr->index, &i);
7aaf18 
 	}
7aaf18
7aaf18 
-	close(fd);
7aaf18 
-	return 0;
7aaf18 
+	list_merge(&content, list);
7aaf18 
+	write_out_list(&content, fpath);
7aaf18 
+	list_empty(&content);
7aaf18 
+	return rc ? 1 : 0;
7aaf18 
 }
7aaf18
7aaf18 
 int trust_file_load(const char *fpath, list_t *list)
7aaf18 
 {
7aaf18 
+	char buffer[BUFFER_SIZE];
7aaf18 
+	int escaped = 0;
7aaf18 
+	long line = 0;
7aaf18 
+
7aaf18 
 	FILE *file = fopen(fpath, "r");
7aaf18 
 	if (!file) {
7aaf18 
 		msg(LOG_ERR, "Cannot open %s", fpath);
7aaf18 
 		return 1;
7aaf18 
 	}
7aaf18
7aaf18 
-	char buffer[BUFFER_SIZE];
7aaf18 
 	while (fgets(buffer, BUFFER_SIZE, file)) {
7aaf18 
-		char name[4097], sha[65], *index, *data;
7aaf18 
+		char name[4097], sha[65], *index = NULL, *data = NULL;
7aaf18 
 		unsigned long sz;
7aaf18 
 		unsigned int tsource = SRC_FILE_DB;
7aaf18
7aaf18 
-		if (iscntrl(buffer[0]) || buffer[0] == '#')
7aaf18 
+		line++;
7aaf18 
+
7aaf18 
+		if (iscntrl(buffer[0]) || buffer[0] == '#') {
7aaf18 
+			if (line == 1 && strncmp(buffer, HEADER0, strlen(HEADER0)) == 0)
7aaf18 
+				escaped = 1;
7aaf18 
 			continue;
7aaf18 
+		}
7aaf18
7aaf18 
 		if (sscanf(buffer, FILE_READ_FORMAT, name, &sz, sha) != 3) {
7aaf18 
 			msg(LOG_WARNING, "Can't parse %s", buffer);
7aaf18 
@@ -217,7 +224,7 @@
7aaf18 
 		if (asprintf(&data, DATA_FORMAT, tsource, sz, sha) == -1)
7aaf18 
 			data = NULL;
7aaf18
7aaf18 
-		index = unescape(name);
7aaf18 
+		index = escaped ? unescape(name) : strdup(name);
7aaf18 
 		if (index == NULL) {
7aaf18 
 			msg(LOG_ERR, "Could not unescape %s from %s", name, fpath);
7aaf18 
 			free(data);
7aaf18 
@@ -311,33 +318,22 @@
7aaf18
7aaf18 
 int trust_file_rm_duplicates(const char *fpath, list_t *list)
7aaf18 
 {
7aaf18 
-	FILE *file = fopen(fpath, "r");
7aaf18 
-	if (!file) {
7aaf18 
-		msg(LOG_ERR, "Cannot open %s", fpath);
7aaf18 
-		return 1;
7aaf18 
-	}
7aaf18 
-
7aaf18 
-	char buffer[BUFFER_SIZE];
7aaf18 
-	while (fgets(buffer, BUFFER_SIZE, file)) {
7aaf18 
-		char thash[65], tpath[4097];
7aaf18 
-		long unsigned size;
7aaf18 
+	list_t trust_file;
7aaf18 
+	list_init(&trust_file);
7aaf18
7aaf18 
-		if (iscntrl(buffer[0]) || buffer[0] == '#')
7aaf18 
-			continue;
7aaf18 
+	int rc = trust_file_load(fpath, &trust_file);
7aaf18 
+	if (rc)
7aaf18 
+		goto cleanup;
7aaf18
7aaf18 
-		if (sscanf(buffer, FILE_READ_FORMAT, tpath, &size, thash) != 3) {
7aaf18 
-			msg(LOG_WARNING, "Can't parse %s", buffer);
7aaf18 
-			fclose(file);
7aaf18 
-			return 2;
7aaf18 
-		}
7aaf18 
-
7aaf18 
-		list_remove(list, tpath);
7aaf18 
+	for (list_item_t *lptr = trust_file.first; lptr; lptr = lptr->next) {
7aaf18 
+		list_remove(list, lptr->index);
7aaf18 
 		if (list->count == 0)
7aaf18 
 			break;
7aaf18 
 	}
7aaf18
7aaf18 
-	fclose(file);
7aaf18 
-	return 0;
7aaf18 
+cleanup:
7aaf18 
+	list_empty(&trust_file);
7aaf18 
+	return rc;
7aaf18 
 }
7aaf18
7aaf18
7aaf18 
diff --color -ru a/src/library/trust-file.h b/src/library/trust-file.h
7aaf18 
--- a/src/library/trust-file.h	2021-11-12 20:21:54.000000000 +0100
7aaf18 
+++ b/src/library/trust-file.h	2021-12-08 13:25:43.441187113 +0100
7aaf18 
@@ -30,8 +30,7 @@
7aaf18 
 #define TRUST_FILE_PATH "/etc/fapolicyd/fapolicyd.trust"
7aaf18 
 #define TRUST_DIR_PATH "/etc/fapolicyd/trust.d/"
7aaf18
7aaf18 
-int trust_file_append(const char *fpath, const list_t *list);
7aaf18 
-
7aaf18 
+int trust_file_append(const char *fpath, list_t *list);
7aaf18 
 int trust_file_load(const char *fpath, list_t *list);
7aaf18 
 int trust_file_update_path(const char *fpath, const char *path);
7aaf18 
 int trust_file_delete_path(const char *fpath, const char *path);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation