along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.69 2003/07/24 12:08:15 guus Exp $
+ $Id: conf.c,v 1.9.4.75 2003/08/08 22:11:54 guus Exp $
*/
#include "system.h"
char *buffer, *line;
char *variable, *value;
int lineno = 0;
+ int len;
bool ignore = false;
config_t *cfg;
size_t bufsize;
lineno++;
- variable = strtok(line, "\t =");
+ if(!*line || *line == '#')
+ continue;
- if(!variable)
- continue; /* no tokens on this line */
-
- if(variable[0] == '#')
- continue; /* comment: ignore */
-
- if(!strcmp(variable, "-----BEGIN"))
+ if(ignore) {
+ if(!strncmp(line, "-----END", 8))
+ ignore = false;
+ continue;
+ }
+
+ if(!strncmp(line, "-----BEGIN", 10)) {
ignore = true;
+ continue;
+ }
- if(!ignore) {
- value = strtok(NULL, "\t\n\r =");
-
- if(!value || value[0] == '#') {
- logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
- variable, lineno, fname);
- break;
- }
+ variable = value = line;
- cfg = new_config();
- cfg->variable = xstrdup(variable);
- cfg->value = xstrdup(value);
- cfg->file = xstrdup(fname);
- cfg->line = lineno;
+ len = strcspn(value, "\t =");
+ value += len;
+ value += strspn(value, "\t ");
+ if(*value == '=') {
+ value++;
+ value += strspn(value, "\t ");
+ }
+ variable[len] = '\0';
- config_add(config_tree, cfg);
+ if(!*value) {
+ logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+ variable, lineno, fname);
+ break;
}
- if(!strcmp(variable, "-----END"))
- ignore = false;
+ cfg = new_config();
+ cfg->variable = xstrdup(variable);
+ cfg->value = xstrdup(value);
+ cfg->file = xstrdup(fname);
+ cfg->line = lineno;
+
+ config_add(config_tree, cfg);
}
free(buffer);
return x == 0;
}
-bool is_safe_path(const char *file)
-{
-#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
- char *p;
- const char *f;
- char x;
- struct stat s;
- char l[MAXBUFSIZE];
-
- if(*file != '/') {
- logger(LOG_ERR, _("`%s' is not an absolute path"), file);
- return false;
- }
-
- p = strrchr(file, '/');
-
- if(p == file) /* It's in the root */
- p++;
-
- x = *p;
- *p = '\0';
-
- f = file;
-
-check1:
- if(lstat(f, &s) < 0) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
- }
-
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
- }
-
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
- }
-
- f = l;
- goto check1;
- }
-
- *p = x;
- f = file;
-
-check2:
- if(lstat(f, &s) < 0 && errno != ENOENT) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
- }
-
- if(errno == ENOENT)
- return true;
-
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
- }
-
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
- }
-
- f = l;
- goto check2;
- }
-
- if(s.st_mode & 0007) {
- /* Accessible by others */
- logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
- return false;
- }
-#endif
-
- return true;
-}
-
-FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
+FILE *ask_and_open(const char *filename, const char *what, const char *mode)
{
FILE *r;
char *directory;
fn = xstrdup(filename);
}
- if(!strchr(fn, '/') || fn[0] != '/') {
+#ifdef HAVE_MINGW
+ if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) {
+#else
+ if(fn[0] != '/') {
+#endif
/* The directory is a relative path or a filename. */
char *p;
return NULL;
}
- /* Then check the file for nasty attacks */
- if(safe) {
- if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */
- fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
- "I will not create or overwrite this file.\n"), fn);
- fclose(r);
- free(fn);
- return NULL;
- }
- }
-
free(fn);
return r;
projects / tinc / blobdiff