colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: factor out plugin validation

Browse Source 
The new function will be used to validate other plugins we load.
This commit is contained in:
Beniamino Galvani
2016-11-17 09:56:16 +01:00
parent 7ae6e980e4
commit 2e21d78494
2 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
src/nm-core-utils.c
View File

@@ -3804,6 +3804,37 @@ read_device_factory_paths_sort_fcn (gconstpointer a, gconstpointer b)
return 0; return 0;
} }
gboolean
nm_utils_validate_plugin (const char *path, struct stat *st, GError **error)
{
g_return_val_if_fail (path, FALSE);
g_return_val_if_fail (st, FALSE);
g_return_val_if_fail (!error || !*error, FALSE);
if (!S_ISREG (st->st_mode)) {
g_set_error_literal (error,
NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"not a regular file");
return FALSE;
}
if (st->st_uid != 0) {
g_set_error_literal (error,
NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"file has invalid owner (should be root)");
return FALSE;
}
if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
g_set_error_literal (error,
NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"file has invalid permissions");
return FALSE;
}
return TRUE;
}
char ** char **
nm_utils_read_plugin_paths (const char *dirname, const char *prefix) nm_utils_read_plugin_paths (const char *dirname, const char *prefix)
{ {
@@ -3846,18 +3877,12 @@ nm_utils_read_plugin_paths (const char *dirname, const char *prefix)
data.path, strerror (errsv)); data.path, strerror (errsv));
goto skip; goto skip;
} }
if (!S_ISREG (data.st.st_mode))
goto skip; if (!nm_utils_validate_plugin (data.path, &data.st, &error)) {
if (data.st.st_uid != 0) {
nm_log_warn (LOGD_CORE, nm_log_warn (LOGD_CORE,
"plugin: skip invalid file %s (file must be owned by root)", "plugin: skip invalid file %s: %s",
data.path); data.path, error->message);
goto skip; g_clear_error (&error);
}
if (data.st.st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
nm_log_warn (LOGD_CORE,
"plugin: skip invalid file %s (invalid file permissions)",
data.path);
goto skip; goto skip;
} }

3
src/nm-core-utils.h
View File

@@ -451,6 +451,9 @@ gboolean nm_utils_file_set_contents (const gchar *filename,
mode_t mode, mode_t mode,
GError **error); GError **error);
struct stat;
gboolean nm_utils_validate_plugin (const char *path, struct stat *stat, GError **error);
char **nm_utils_read_plugin_paths (const char *dirname, const char *prefix); char **nm_utils_read_plugin_paths (const char *dirname, const char *prefix);
#endif /* __NM_CORE_UTILS_H__ */ #endif /* __NM_CORE_UTILS_H__ */