/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.c

  • Committer: Teddy Hogeborn
  • Date: 2021-01-31 21:40:15 UTC
  • mto: This revision was merged to the branch mainline in revision 404.
  • Revision ID: teddy@recompile.se-20210131214015-yz7ogk2mqfdfflo6
Work around Debian bug #981302

* plugin-runner.c (main): If the /dev/fd symlink is missing, create
  it.
* plugins.d/mandos-client.c (main): - '' -

Reported-By: Eero Häkkinen <+debian-bts-2021@eero.xn--hkkinen-5wa.fi>
Suggested-by: Eero Häkkinen <+debian-bts-2021@eero.xn--hkkinen-5wa.fi>
Thanks: Eero Häkkinen for bug report and analysis

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
/*
3
3
 * Mandos plugin runner - Run Mandos plugins
4
4
 *
5
 
 * Copyright © 2008-2018 Teddy Hogeborn
6
 
 * Copyright © 2008-2018 Björn Påhlsson
 
5
 * Copyright © 2008-2020 Teddy Hogeborn
 
6
 * Copyright © 2008-2020 Björn Påhlsson
7
7
 * 
8
8
 * This file is part of Mandos.
9
9
 * 
26
26
#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY(), getline(),
27
27
                                   O_CLOEXEC, pipe2() */
28
28
#include <stddef.h>             /* size_t, NULL */
29
 
#include <stdlib.h>             /* malloc(), exit(), EXIT_SUCCESS,
30
 
                                   realloc() */
 
29
#include <stdlib.h>             /* malloc(), reallocarray(), realloc(),
 
30
                                   EXIT_SUCCESS, exit() */
31
31
#include <stdbool.h>            /* bool, true, false */
32
32
#include <stdio.h>              /* fileno(), fprintf(),
33
33
                                   stderr, STDOUT_FILENO, fclose() */
47
47
                                   struct stat, fstat(), close(),
48
48
                                   setgid(), setuid(), S_ISREG(),
49
49
                                   faccessat() pipe2(), fork(),
50
 
                                   _exit(), dup2(), fexecve(), read()
51
 
                                */
 
50
                                   _exit(), dup2(), fexecve(), read(),
 
51
                                   lstat(), symlink() */
52
52
#include <fcntl.h>              /* fcntl(), F_GETFD, F_SETFD,
53
53
                                   FD_CLOEXEC, openat(), scandirat(),
54
54
                                   pipe2() */
179
179
  /* Resize the pointed-to array to hold one more pointer */
180
180
  char **new_array = NULL;
181
181
  do {
182
 
    new_array = realloc(*array, sizeof(char *)
183
 
                        * (size_t) ((*len) + 2));
 
182
#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)
 
183
    new_array = reallocarray(*array, (size_t)((*len) + 2),
 
184
                             sizeof(char *));
 
185
#else
 
186
    if(((size_t)((*len) + 2)) > (SIZE_MAX / sizeof(char *))){
 
187
      /* overflow */
 
188
      new_array = NULL;
 
189
      errno = ENOMEM;
 
190
    } else {
 
191
      new_array = realloc(*array, (size_t)((*len) + 2)
 
192
                          * sizeof(char *));
 
193
    }
 
194
#endif
184
195
  } while(new_array == NULL and errno == EINTR);
185
196
  /* Malloc check */
186
197
  if(new_array == NULL){
313
324
__attribute__((nonnull))
314
325
static void free_plugin(plugin *plugin_node){
315
326
  
316
 
  for(char **arg = plugin_node->argv; *arg != NULL; arg++){
 
327
  for(char **arg = (plugin_node->argv)+1; *arg != NULL; arg++){
317
328
    free(*arg);
318
329
  }
 
330
  free(plugin_node->name);
319
331
  free(plugin_node->argv);
320
332
  for(char **env = plugin_node->environ; *env != NULL; env++){
321
333
    free(*env);
564
576
    case '?':                   /* --help */
565
577
      state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
566
578
      argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
 
579
      __builtin_unreachable();
567
580
    case -3:                    /* --usage */
568
581
      state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
569
582
      argp_state_help(state, state->out_stream,
570
583
                      ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
 
584
      __builtin_unreachable();
571
585
    case 'V':                   /* --version */
572
586
      fprintf(state->out_stream, "%s\n", argp_program_version);
573
587
      exit(EXIT_SUCCESS);
583
597
      if(arg[0] == '\0'){
584
598
        break;
585
599
      }
586
 
      /* FALLTHROUGH */
 
600
#if __GNUC__ >= 7
 
601
      __attribute__((fallthrough));
 
602
#else
 
603
          /* FALLTHROUGH */
 
604
#endif
587
605
    default:
588
606
      return ARGP_ERR_UNKNOWN;
589
607
    }
701
719
        
702
720
        custom_argc += 1;
703
721
        {
704
 
          char **new_argv = realloc(custom_argv, sizeof(char *)
705
 
                                    * ((size_t)custom_argc + 1));
 
722
#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)
 
723
          char **new_argv = reallocarray(custom_argv, (size_t)custom_argc + 1,
 
724
                                         sizeof(char *));
 
725
#else
 
726
          char **new_argv = NULL;
 
727
          if(((size_t)custom_argc + 1) > (SIZE_MAX / sizeof(char *))){
 
728
            /* overflow */
 
729
            errno = ENOMEM;
 
730
          } else {
 
731
            new_argv = realloc(custom_argv, ((size_t)custom_argc + 1)
 
732
                               * sizeof(char *));
 
733
          }
 
734
#endif
706
735
          if(new_argv == NULL){
707
 
            error(0, errno, "realloc");
 
736
            error(0, errno, "reallocarray");
708
737
            exitstatus = EX_OSERR;
709
738
            free(new_arg);
710
739
            free(org_line);
829
858
      }
830
859
      close(plugindir_fd);
831
860
    }
 
861
 
 
862
    /* Work around Debian bug #981302
 
863
       <https://bugs.debian.org/981302> */
 
864
    if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
 
865
      ret = symlink("/proc/self/fd", "/dev/fd");
 
866
      if(ret == -1){
 
867
        error(0, errno, "Failed to create /dev/fd symlink");
 
868
      }
 
869
    }
832
870
  }
833
871
  
834
872
  /* Lower permissions */