along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.74 2003/08/08 14:59:27 guus Exp $
+ $Id: conf.c,v 1.9.4.77 2003/12/12 19:52:24 guus Exp $
*/
#include "system.h"
{
cp();
- return (config_t *) xmalloc_and_zero(sizeof(config_t));
+ return xmalloc_and_zero(sizeof(config_t));
}
void free_config(config_t *cfg)
if(node) {
if(node->next) {
- found = (config_t *) node->next->data;
+ found = node->next->data;
if(!strcasecmp(found->variable, cfg->variable))
return found;
bool get_config_subnet(const config_t *cfg, subnet_t ** result)
{
- subnet_t *subnet;
+ subnet_t subnet = {0};
cp();
if(!cfg)
return false;
- subnet = str2net(cfg->value);
-
- if(!subnet) {
+ if(!str2net(&subnet, cfg->value)) {
logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
return false;
/* Teach newbies what subnets are... */
- if(((subnet->type == SUBNET_IPV4)
- && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
- || ((subnet->type == SUBNET_IPV6)
- && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
+ if(((subnet.type == SUBNET_IPV4)
+ && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)))
+ || ((subnet.type == SUBNET_IPV6)
+ && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) {
logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
- free(subnet);
return false;
}
- *result = subnet;
+ *(*result = new_subnet()) = subnet;
return true;
}
return x == 0;
}
-bool is_safe_path(const char *file)
-{
-#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
- char *p;
- const char *f;
- char x;
- struct stat s;
- char l[MAXBUFSIZE];
-
- if(*file != '/') {
- logger(LOG_ERR, _("`%s' is not an absolute path"), file);
- return false;
- }
-
- p = strrchr(file, '/');
-
- if(p == file) /* It's in the root */
- p++;
-
- x = *p;
- *p = '\0';
-
- f = file;
-
-check1:
- if(lstat(f, &s) < 0) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
- }
-
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
- }
-
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
- }
-
- f = l;
- goto check1;
- }
-
- *p = x;
- f = file;
-
-check2:
- if(lstat(f, &s) < 0 && errno != ENOENT) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
- }
-
- if(errno == ENOENT)
- return true;
-
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
- }
-
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
- }
-
- f = l;
- goto check2;
- }
-
- if(s.st_mode & 0007) {
- /* Accessible by others */
- logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
- return false;
- }
-#endif
-
- return true;
-}
-
-FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
+FILE *ask_and_open(const char *filename, const char *what, const char *mode)
{
FILE *r;
char *directory;
return NULL;
}
- /* Then check the file for nasty attacks */
- if(safe) {
- if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */
- fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
- "I will not create or overwrite this file.\n"), fn);
- fclose(r);
- free(fn);
- return NULL;
- }
- }
-
free(fn);
return r;