aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

file: use functions on fd to avoid toctou

Browse Source 
Ticket: #5308
pull/7455/head
Philippe Antoine 3 years ago committed by Victor Julien
parent ecb8dd4de0
commit 875eb58fb0
4 changed files with 39 additions and 36 deletions
Show Stats Download Patch File Download Diff File

17
src/suricata.c
Unescape Escape View File

@ -530,23 +530,22 @@ static void SetBpfStringFromFile(char *filename)
" Use firewall filtering if possible.");
}
fp = fopen(filename, "r");
if (fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
exit(EXIT_FAILURE);
}
#ifdef OS_WIN32
if(_stat(filename, &st) != 0) {
if (_fstat(_fileno(fp), &st) != 0) {
#else
if(stat(filename, &st) != 0) {
if (fstat(fileno(fp), &st) != 0) {
#endif /* OS_WIN32 */
SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
exit(EXIT_FAILURE);
}
bpf_len = st.st_size + 1;
// coverity[toctou : FALSE]
fp = fopen(filename,"r");
if (fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
exit(EXIT_FAILURE);
}
bpf_filter = SCMalloc(bpf_len * sizeof(char));
if (unlikely(bpf_filter == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);

2
src/util-debug.c
Unescape Escape View File

@ -742,7 +742,7 @@ static inline SCLogOPIfaceCtx *SCLogInitFileOPIface(const char *file, uint32_t u
#ifndef OS_WIN32
if (userid != 0 || groupid != 0) {
if (chown(file, userid, groupid) == -1) {
if (fchown(fileno(iface_ctx->file_d), userid, groupid) == -1) {
SCLogWarning(SC_WARN_CHOWN, "Failed to change ownership of file %s: %s", file,
strerror(errno));
}

6
src/util-logopenfile.c
Unescape Escape View File

@ -401,7 +401,11 @@ SCLogOpenFileFp(const char *path, const char *append_setting, uint32_t mode)
filename, strerror(errno));
} else {
if (mode != 0) {
int r = chmod(filename, (mode_t)mode);
#ifdef OS_WIN32
int r = _chmod(filename, (mode_t)mode);
#else
int r = fchmod(fileno(ret), (mode_t)mode);
#endif
if (r < 0) {
SCLogWarning(SC_WARN_CHMOD, "Could not chmod %s to %o: %s",
filename, mode, strerror(errno));

50
src/util-pidfile.c
Unescape Escape View File

@ -104,37 +104,37 @@ void SCPidfileRemove(const char *pid_filename)
*/
int SCPidfileTestRunning(const char *pid_filename)
{
if (access(pid_filename, F_OK) == 0) {
/* Check if the existing process is still alive. */
FILE *pf;
/* Check if the existing process is still alive. */
FILE *pf;
// coverity[toctou : FALSE]
pf = fopen(pid_filename, "r");
if (pf == NULL) {
SCLogError(SC_ERR_INITIALIZATION,
"pid file '%s' exists and can not be read. Aborting!",
pf = fopen(pid_filename, "r");
if (pf == NULL) {
if (access(pid_filename, F_OK) == 0) {
SCLogError(SC_ERR_INITIALIZATION, "pid file '%s' exists and can not be read. Aborting!",
pid_filename);
return -1;
} else {
return 0;
}
}
#ifndef OS_WIN32
pid_t pidv;
if (fscanf(pf, "%d", &pidv) == 1 && kill(pidv, 0) == 0) {
SCLogError(SC_ERR_INITIALIZATION,
"pid file '%s' exists and Suricata appears to be running. "
"Aborting!", pid_filename);
} else
pid_t pidv;
if (fscanf(pf, "%d", &pidv) == 1 && kill(pidv, 0) == 0) {
SCLogError(SC_ERR_INITIALIZATION,
"pid file '%s' exists and Suricata appears to be running. "
"Aborting!",
pid_filename);
} else
#endif
{
SCLogError(SC_ERR_INITIALIZATION,
"pid file '%s' exists but appears stale. "
"Make sure Suricata is not running and then remove %s. "
"Aborting!",
pid_filename, pid_filename);
}
fclose(pf);
return -1;
{
SCLogError(SC_ERR_INITIALIZATION,
"pid file '%s' exists but appears stale. "
"Make sure Suricata is not running and then remove %s. "
"Aborting!",
pid_filename, pid_filename);
}
return 0;
fclose(pf);
return -1;
}

Write Preview
Loading…
Cancel
Save