Ticket #299: 301-fix-filechecking.patch

File 301-fix-filechecking.patch, 1.3 KB (added by MaxMuster, 9 years ago)

Second, more generic fix, introducing a filecheck respecting chroot_dir

  • src/openvpn/options.c

     
    26092609  return (errcode != 0 ? true : false);
    26102610}
    26112611
     2612/* Filecheck if file might be relative to chroot dir */
     2613static bool
     2614check_file_access_chroot(const int type, const char *file, const int mode, const char *opt, const char *chrootpath)
     2615{
     2616  if (chrootpath)
     2617    {
     2618      char fullpath [strlen(file) + strlen(chrootpath) +2];
     2619      sprintf(fullpath, "%s/%s", chrootpath,file);
     2620      return check_file_access(type, fullpath, mode, opt);
     2621    }
     2622  else
     2623    return check_file_access(type, file, mode, opt);
     2624}
     2625
    26122626/*
    26132627 * Verifies that the path in the "command" that comes after certain script options (e.g., --up) is a
    26142628 * valid file with appropriate permissions.
     
    27332747                             R_OK|W_OK|X_OK, "--tls-export-cert");
    27342748#endif /* ENABLE_SSL */
    27352749#if P2MP_SERVER
    2736   errs |= check_file_access (CHKACC_FILE, options->client_config_dir,
    2737                              R_OK|X_OK, "--client-config-dir");
     2750  errs |= check_file_access_chroot (CHKACC_FILE, options->client_config_dir,
     2751                             R_OK|X_OK, "--client-config-dir", options->chroot_dir);
    27382752  errs |= check_file_access (CHKACC_FILE, options->tmp_dir,
    27392753                             R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)");
    27402754