X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fcontrol.c;h=19f074a6a691136b8ea1fa6257085de5a54af929;hb=7ea85043ac1fb2096baea44f6b0af27ac0d0b2cf;hp=57e0ce09816061e394cb17b53ec7b857c6898435;hpb=d82fcc88f355e3c8144478a860dfae0b299004a9;p=tinc diff --git a/src/control.c b/src/control.c index 57e0ce09..19f074a6 100644 --- a/src/control.c +++ b/src/control.c @@ -25,6 +25,7 @@ #include "conf.h" #include "control.h" #include "control_common.h" +#include "graph.h" #include "logger.h" #include "xalloc.h" @@ -35,22 +36,21 @@ extern char *controlsocketname; static void handle_control_data(struct bufferevent *event, void *data) { tinc_ctl_request_t req; - size_t size; tinc_ctl_request_t res; struct evbuffer *res_data = NULL; void *req_data; - if(EVBUFFER_LENGTH(event->input) < sizeof(tinc_ctl_request_t)) + if(EVBUFFER_LENGTH(event->input) < sizeof req) return; /* Copy the structure to ensure alignment */ - memcpy(&req, EVBUFFER_DATA(event->input), sizeof(tinc_ctl_request_t)); + memcpy(&req, EVBUFFER_DATA(event->input), sizeof req); if(EVBUFFER_LENGTH(event->input) < req.length) return; - req_data = EVBUFFER_DATA(event->input) + sizeof(tinc_ctl_request_t); + req_data = EVBUFFER_DATA(event->input) + sizeof req; - if(req.length < sizeof(tinc_ctl_request_t)) + if(req.length < sizeof req) goto failure; memset(&res, 0, sizeof res); @@ -58,7 +58,7 @@ static void handle_control_data(struct bufferevent *event, void *data) { res.id = req.id; res_data = evbuffer_new(); - if (res_data == NULL) { + if(res_data == NULL) { res.res_errno = ENOMEM; goto respond; } @@ -109,10 +109,10 @@ static void handle_control_data(struct bufferevent *event, void *data) { debug_t new_debug_level; logger(LOG_NOTICE, _("Got '%s' command"), "debug"); - if(req.length != sizeof(req) + sizeof debug_level) + if(req.length != sizeof req + sizeof debug_level) res.res_errno = EINVAL; else { - memcpy(&new_debug_level, req_data, sizeof(debug_t)); + memcpy(&new_debug_level, req_data, sizeof new_debug_level); logger(LOG_NOTICE, _("Changing debug level from %d to %d"), debug_level, new_debug_level); if(evbuffer_add_printf(res_data, @@ -191,6 +191,7 @@ static void handle_new_control_socket(int fd, short events, void *data) { memset(&greeting, 0, sizeof greeting); greeting.version = TINC_CTL_VERSION_CURRENT; + greeting.pid = getpid(); if(bufferevent_write(ev, &greeting, sizeof greeting) == -1) { logger(LOG_ERR, _("Cannot send greeting for new control connection: %s"), @@ -213,10 +214,11 @@ static int control_compare(const struct event *a, const struct event *b) { bool init_control() { int result; struct sockaddr_un addr; + char *lastslash; if(strlen(controlsocketname) >= sizeof addr.sun_path) { logger(LOG_ERR, _("Control socket filename too long!")); - return false; + goto bail; } memset(&addr, 0, sizeof addr); @@ -227,12 +229,43 @@ bool init_control() { if(control_socket < 0) { logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno)); - return false; + goto bail; + } + + /* + * Restrict connections to our control socket by ensuring the parent + * directory can be traversed only by root. Note this is not totally + * race-free unless all ancestors are writable only by trusted users, + * which we don't verify. + */ + + struct stat statbuf; + lastslash = strrchr(controlsocketname, '/'); + if(lastslash != NULL) { + *lastslash = 0; /* temporarily change controlsocketname to be dir */ + if(mkdir(controlsocketname, 0700) < 0 && errno != EEXIST) { + logger(LOG_ERR, _("Unable to create control socket directory %s: %s"), controlsocketname, strerror(errno)); + *lastslash = '/'; + goto bail; + } + + result = stat(controlsocketname, &statbuf); + *lastslash = '/'; + } else + result = stat(".", &statbuf); + + if(result < 0) { + logger(LOG_ERR, _("Examining control socket directory failed: %s"), strerror(errno)); + goto bail; + } + + if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) { + logger(LOG_ERR, _("Control socket directory ownership/permissions insecure.")); + goto bail; } - //unlink(controlsocketname); result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr); - + if(result < 0 && errno == EADDRINUSE) { result = connect(control_socket, (struct sockaddr *)&addr, sizeof addr); if(result < 0) { @@ -240,33 +273,36 @@ bool init_control() { unlink(controlsocketname); result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr); } else { - close(control_socket); if(netname) logger(LOG_ERR, _("Another tincd is already running for net `%s'."), netname); else logger(LOG_ERR, _("Another tincd is already running.")); - return false; + goto bail; } } if(result < 0) { - logger(LOG_ERR, _("Can't bind to %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); - return false; + logger(LOG_ERR, _("Can't bind to %s: %s"), controlsocketname, strerror(errno)); + goto bail; } if(listen(control_socket, 3) < 0) { - logger(LOG_ERR, _("Can't listen on %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); - return false; + logger(LOG_ERR, _("Can't listen on %s: %s"), controlsocketname, strerror(errno)); + goto bail; } control_socket_tree = splay_alloc_tree((splay_compare_t)control_compare, (splay_action_t)bufferevent_free); event_set(&control_event, control_socket, EV_READ | EV_PERSIST, handle_new_control_socket, NULL); event_add(&control_event, NULL); - return true; + +bail: + if(control_socket != -1) { + close(control_socket); + control_socket = -1; + } + return false; } void exit_control() {