From cb94ca5e49a4f45abbda63d4d2c569e1a7070fd9 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Sun, 29 Nov 2020 20:54:08 -0700 Subject: [PATCH] install: verify taskd socket path fits in sun_path The full path to the taskd socket must fit (including the terminating '\0') within the sun_path field of the struct sockaddr_un structure. Unfortunately, it has a limited length that's much less than the maximum path length or even the POSIX minimum maximum path length. Check during the installation process to make sure that the full path to the taskd socket will fit in the sun_path field otherwise complain loudly and abort the installation. Make the actual length of the sun_path field available in the `var_sun_path_len` variable. Signed-off-by: Kyle J. McKay --- install.sh | 26 ++++++++++++++++++++++++++ shlib.sh | 4 ++++ src/.gitignore | 3 +++ src/GNUmakefile | 8 ++++++-- src/get_sun_path_len.c | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 src/get_sun_path_len.c diff --git a/install.sh b/install.sh index c1fa044..d19167b 100755 --- a/install.sh +++ b/install.sh @@ -4,6 +4,8 @@ set -e +echol() { printf '%s\n' "$*"; } + # Include custom configuration, if any [ ! -e config.sh ] || [ ! -f config.sh ] || [ ! -r config.sh ] || . ./config.sh @@ -138,6 +140,11 @@ if ! [ -f src/getent ] || ! [ -x src/getent ]; then echo "ERROR: perhaps you forgot to run make?" >&2 exit 1 fi +if ! [ -f src/get_sun_path_len ] || ! [ -x src/get_sun_path_len ]; then + echo "ERROR: src/get_sun_path_len is not built! Did you _REALLY_ read INSTALL?" >&2 + echo "ERROR: perhaps you forgot to run make?" >&2 + exit 1 +fi if ! [ -f src/get_user_uuid ] || ! [ -x src/get_user_uuid ]; then echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2 echo "ERROR: perhaps you forgot to run make?" >&2 @@ -208,6 +215,25 @@ if [ "$sha256check" != "$sha256result" ]; then echo "ERROR: verifying sha256 hash of '123456789' failed!" >&2 exit 1 fi +var_sun_path_len="$(src/get_sun_path_len 2>/dev/null)" || : +if + [ -z "$var_sun_path_len" ] || + [ "${var_sun_path_len#*[!0-9]}" != "$var_sun_path_len" ] || + [ "$var_sun_path_len" -lt 80 ] || [ "$var_sun_path_len" -gt 4096 ] +then + echol "ERROR: src/get_sun_path_len is built, but bogus!" >&2 + echol "ERROR: reports sizeof(struct sockaddr_un.sun_path) is '$var_sun_path_len'" >&2 + exit 1 +fi +taskdsockpath="$cfg_chroot/etc/taskd.socket@" # "@" stands in for the NUL byte +if [ "${#taskdsockpath}" -gt "$var_sun_path_len" ]; then + echol "ERROR: maximum length of sockaddr_un.sun_path is $var_sun_path_len" >&2 + echol "ERROR: the configured taskd.socket path has length ${#taskdsockpath}" >&2 + echol "ERROR: reduce the length of \$Girocco::Config::chroot to shorten" >&2 + echol "ERROR: '${taskdsockpath%?}'" >&2 + echol "ERROR: to fit (including the final '\\0' byte)" >&2 + exit 1 +fi echo "*** Checking for ezcert..." diff --git a/shlib.sh b/shlib.sh index 8f52ea0..351bfb1 100644 --- a/shlib.sh +++ b/shlib.sh @@ -112,6 +112,7 @@ get_girocco_config_var_list() ( # var_du_exclude Option to exclude PATTERN from du if available # var_du_follow Option to follow command line sym links if available # var_xfsz_err Shell error code when child dies from SIGXFSZ + # var_sun_path_len Output if already set to suitable positive integer _cfg_vars="$(get_girocco_config_pm_var_list)" eval "$_cfg_vars" [ -z "$cfg_path" ] || { PATH="$cfg_path" && export PATH; } @@ -202,6 +203,9 @@ get_girocco_config_var_list() ( printf 'var_xfsz_err=%s\n' "$ec" fi fi + if [ -n "$var_sun_path_len" ] && [ "${var_sun_path_len#*[!0-9]}" = "$var_sun_path_len" ]; then + [ "$var_sun_path_len" -lt 80 ] || printf 'var_sun_path_len=%s\n' "$var_sun_path_len" + fi ) # If basedir has been replaced, and shlib_vars.sh exists, get the config diff --git a/src/.gitignore b/src/.gitignore index 0cb6533..8907e5c 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -11,6 +11,9 @@ config.h getent.d* getent.o* getent +get_sun_path_len.d* +get_sun_path_len.o* +get_sun_path_len get_user_uuid.d* get_user_uuid.o* get_user_uuid diff --git a/src/GNUmakefile b/src/GNUmakefile index d11d1c0..1706f7e 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile @@ -3,13 +3,14 @@ CFLAGS ?= -O .PHONY : all clean install FORCE -all : can_user_push can_user_push_http getent get_user_uuid list_packs \ - peek_packet rangecgi readlink strftime throttle ulimit512 ltsha256 +all : can_user_push can_user_push_http getent get_sun_path_len get_user_uuid \ + list_packs peek_packet rangecgi readlink strftime throttle ulimit512 ltsha256 clean : rm -rf can_user_push.o* can_user_push.d* can_user_push rm -rf can_user_push_http.o* can_user_push_http.d* can_user_push_http rm -rf getent.o* getent.d* getent + rm -rf get_sun_path_len.o* get_sun_path_len.d* get_sun_path_len rm -rf get_user_uuid.o* get_user_uuid.d* get_user_uuid rm -rf list_packs.o* list_packs.d* list_packs.inc list_packs rm -rf peek_packet.o* peek_packet.d* peek_packet @@ -65,6 +66,9 @@ can_user_push_http : can_user_push_http.c GROUP-FILE getent : getent.c $(CC) -o $@ $(CFLAGS) $? +get_sun_path_len : get_sun_path_len.c + $(CC) -o $@ $(CFLAGS) get_sun_path_len.c + get_user_uuid : get_user_uuid.c PASSWD-FILE $(CC) -o $@ $(CFLAGS) -D"PASSWD_FILE=\"$(TRACK_PASSWD_FILE)\"" get_user_uuid.c diff --git a/src/get_sun_path_len.c b/src/get_sun_path_len.c new file mode 100644 index 0000000..15d4450 --- /dev/null +++ b/src/get_sun_path_len.c @@ -0,0 +1,34 @@ +/* + +get_sun_path_len.c -- return maximum size of sockaddr_un.sun_path +Copyright (C) 2020 Kyle J. McKay. +All rights reserved. + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +*/ + +#include +#include +#include +#include + +int main(int argc, char *argv[]) +{ + struct sockaddr_un sun; + (void)argc; (void)argv; + printf("%u\n", (unsigned)sizeof(sun.sun_path)); + return 0; +} -- 2.11.4.GIT