From patchwork Thu Aug 8 19:40:53 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yann Droneaud X-Patchwork-Id: 2841360 Return-Path: X-Original-To: patchwork-linux-rdma@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id C8A69BF546 for ; Thu, 8 Aug 2013 19:53:12 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3CCA620374 for ; Thu, 8 Aug 2013 19:53:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 312852034E for ; Thu, 8 Aug 2013 19:53:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966236Ab3HHTw7 (ORCPT ); Thu, 8 Aug 2013 15:52:59 -0400 Received: from smtp22.services.sfr.fr ([93.17.128.13]:15160 "EHLO smtp22.services.sfr.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966242Ab3HHTw4 (ORCPT ); Thu, 8 Aug 2013 15:52:56 -0400 Received: from filter.sfr.fr (localhost [127.0.0.1]) by msfrf2201.sfr.fr (SMTP Server) with ESMTP id 7AA897000043; Thu, 8 Aug 2013 21:42:58 +0200 (CEST) Received: from localhost.localdomain (187.20.90.92.rev.sfr.net [92.90.20.187]) by msfrf2201.sfr.fr (SMTP Server) with ESMTP id EEF6E7000041; Thu, 8 Aug 2013 21:42:57 +0200 (CEST) X-SFR-UUID: 20130808194257978.EEF6E7000041@msfrf2201.sfr.fr Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by localhost.localdomain (8.14.7/8.14.7) with ESMTP id r78JguwZ003088; Thu, 8 Aug 2013 21:42:56 +0200 Received: (from ydroneaud@localhost) by localhost.localdomain (8.14.7/8.14.7/Submit) id r78Jgtsk003086; Thu, 8 Aug 2013 21:42:55 +0200 From: Yann Droneaud To: linux-rdma@vger.kernel.org Cc: Yann Droneaud Subject: [PATCH libibverbs v2 10/11] read_config(): reject symlinks Date: Thu, 8 Aug 2013 21:40:53 +0200 Message-Id: <7ba47cb94f6641ec9d2c4cd2db0f252c7a31af21.1375952089.git.ydroneaud@opteya.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Use fstatat()[1][2] to get type of files in the configuration directory. Use option AT_SYMLINK_NOFOLLOW to get information on symlink and not the file linked. If the file is not a plain file, read_config() will not process it with read_config_file(). This is a behavior change from previous library version: current library accept to open symlinks, which might link to files outside of the configuration directory. Weakness addressed: - CWE-59: Improper Link Resolution Before File Access ('Link Following') - CWE-61: UNIX Symbolic Link (Symlink) Following Secure coding: - POS01-C. Check for the existence of links when dealing with files Compatibility: - According to Gnulib, fstatat() is not supported on some older systems. Links: - [1] fstatat - [2] fstatat(2) Signed-off-by: Yann Droneaud --- src/init.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/init.c b/src/init.c index 75171e3..0b46b78 100644 --- a/src/init.c +++ b/src/init.c @@ -394,6 +394,18 @@ static void read_config(void) if (dent->d_name[0] == '\0' || dent->d_name[strlen(dent->d_name) - 1] == '~') continue; + if (fstatat(conf_dirfd, dent->d_name, &buf, AT_SYMLINK_NOFOLLOW)) { + fprintf(stderr, PFX "Warning: couldn't stat config file '%s/%s'.\n", + IBV_CONFIG_DIR, dent->d_name); + continue; + } + + if (!S_ISREG(buf.st_mode)) { + fprintf(stderr, PFX "Warning: invalid config file '%s/%s'.\n", + IBV_CONFIG_DIR, dent->d_name); + continue; + } + read_config_file(conf_dirfd, dent->d_name); }