[Fix] Allow to follow symlinks when safe

Issue: #1625
author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-05-09 13:59:56 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-05-09 14:06:40 +0100
commit: 4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec (patch)
tree: 731e32b41934b03c0d7fc802f57e76eb58ea2cb1 /src/libutil
parent: 7b0d41173904268944de296ab85f20efef91bde5 (diff)
download: rspamd-4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec.tar.gz
rspamd-4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec.zip
4 files changed, 21 insertions, 14 deletions
diff --git a/src/libutil/map.c b/src/libutil/map.c
index c6a7189a8..1855ca5d5 100644
--- a/src/libutil/map.c
+++ b/src/libutil/map.c
@@ -180,7 +180,7 @@ rspamd_map_check_file_sig (const char *fname,
 	if (bk->trusted_pubkey == NULL) {
 		/* Try to load and check pubkey */
 		rspamd_snprintf (fpath, sizeof (fpath), "%s.pub", fname);
-		data = rspamd_file_xmap (fpath, PROT_READ, &len);
+		data = rspamd_file_xmap (fpath, PROT_READ, &len, TRUE);
 
 		if (data == NULL) {
 			msg_err_map ("can't open pubkey %s: %s", fpath, strerror (errno));
@@ -628,7 +628,7 @@ read_map_file (struct rspamd_map *map, struct file_map_data *data,
 		return TRUE;
 	}
 
-	bytes = rspamd_file_xmap (data->filename, PROT_READ, &len);
+	bytes = rspamd_file_xmap (data->filename, PROT_READ, &len, TRUE);
 
 	if (bytes == NULL) {
 		msg_err_map ("can't open map %s: %s", data->filename, strerror (errno));
diff --git a/src/libutil/multipattern.c b/src/libutil/multipattern.c
index 35ef51a70..508ffcda9 100644
--- a/src/libutil/multipattern.c
+++ b/src/libutil/multipattern.c
@@ -470,7 +470,7 @@ rspamd_multipattern_try_load_hs (struct rspamd_multipattern *mp,
 	rspamd_snprintf (fp, sizeof (fp), "%s/%*xs.hsmp", hs_cache_dir,
 			(gint)rspamd_cryptobox_HASHBYTES / 2, hash);
 
-	if ((map = rspamd_file_xmap (fp, PROT_READ, &len)) != NULL) {
+	if ((map = rspamd_file_xmap (fp, PROT_READ, &len, TRUE)) != NULL) {
 		if (hs_deserialize_database (map, len, &mp->db) == HS_SUCCESS) {
 			munmap (map, len);
 			return TRUE;
@@ -500,7 +500,7 @@ rspamd_multipattern_try_save_hs (struct rspamd_multipattern *mp,
 	rspamd_snprintf (fp, sizeof (fp), "%s/%*xs.hsmp.tmp", hs_cache_dir,
 			(gint)rspamd_cryptobox_HASHBYTES / 2, hash);
 
-	if ((fd = rspamd_file_xopen (fp, O_WRONLY|O_CREAT|O_EXCL, 00644)) != -1) {
+	if ((fd = rspamd_file_xopen (fp, O_WRONLY | O_CREAT | O_EXCL, 00644, 0)) != -1) {
 		if (hs_serialize_database (mp->db, &bytes, &len) == HS_SUCCESS) {
 			if (write (fd, bytes, len) == -1) {
 				msg_warn ("cannot write hyperscan cache to %s: %s",
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 704d65041..593baf522 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2114,7 +2114,7 @@ rspamd_open_zstd_dictionary (const char *path)
 	struct zstd_dictionary *dict;
 
 	dict = g_slice_alloc0 (sizeof (*dict));
-	dict->dict = rspamd_file_xmap (path, PROT_READ, &dict->size);
+	dict->dict = rspamd_file_xmap (path, PROT_READ, &dict->size, TRUE);
 
 	if (dict->dict == NULL) {
 		g_slice_free1 (sizeof (*dict), dict);
@@ -2418,7 +2418,8 @@ event_get_base (struct event *ev)
 #endif
 
 int
-rspamd_file_xopen (const char *fname, int oflags, guint mode)
+rspamd_file_xopen (const char *fname, int oflags, guint mode,
+		gboolean allow_symlink)
 {
 	struct stat sb;
 	int fd;
@@ -2434,7 +2435,12 @@ rspamd_file_xopen (const char *fname, int oflags, guint mode)
 	}
 
 #ifdef HAVE_ONOFOLLOW
-	fd = open (fname, oflags | O_NOFOLLOW, mode);
+	if (!allow_symlink) {
+		fd = open (fname, oflags | O_NOFOLLOW, mode);
+	}
+	else {
+		fd = open (fname, oflags, mode);
+	}
 #else
 	fd = open (fname, oflags, mode);
 #endif
@@ -2443,8 +2449,8 @@ rspamd_file_xopen (const char *fname, int oflags, guint mode)
 }
 
 gpointer
-rspamd_file_xmap (const char *fname, guint mode,
-		gsize *size)
+rspamd_file_xmap (const char *fname, guint mode, gsize *size,
+		gboolean allow_symlink)
 {
 	gint fd;
 	struct stat sb;
@@ -2454,10 +2460,10 @@ rspamd_file_xmap (const char *fname, guint mode,
 	g_assert (size != NULL);
 
 	if (mode & PROT_WRITE) {
-		fd = rspamd_file_xopen (fname, O_RDWR, 0);
+		fd = rspamd_file_xopen (fname, O_RDWR, 0, allow_symlink);
 	}
 	else {
-		fd = rspamd_file_xopen (fname, O_RDONLY, 0);
+		fd = rspamd_file_xopen (fname, O_RDONLY, 0, allow_symlink);
 	}
 
 	if (fd == -1) {
diff --git a/src/libutil/util.h b/src/libutil/util.h
index 605822fee..7f6ccc2f6 100644
--- a/src/libutil/util.h
+++ b/src/libutil/util.h
@@ -479,7 +479,8 @@ struct event_base * event_get_base (struct event *ev);
  * @param mode mode to open
  * @return fd or -1 in case of error
  */
-int rspamd_file_xopen (const char *fname, int oflags, guint mode);
+int rspamd_file_xopen (const char *fname, int oflags, guint mode,
+		gboolean allow_symlink);
 
 /**
  * Map file without following symlinks or special stuff
@@ -488,8 +489,8 @@ int rspamd_file_xopen (const char *fname, int oflags, guint mode);
  * @param size target size (must NOT be NULL)
  * @return pointer to memory (should be freed using munmap) or NULL in case of error
  */
-gpointer rspamd_file_xmap (const char *fname, guint mode,
-		gsize *size);
+gpointer rspamd_file_xmap (const char *fname, guint mode, gsize *size,
+		gboolean allow_symlink);
 
 /**
  * Map named shared memory segment
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-05-09 13:59:56 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-05-09 14:06:40 +0100
commit	4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec (patch)
tree	731e32b41934b03c0d7fc802f57e76eb58ea2cb1 /src/libutil
parent	7b0d41173904268944de296ab85f20efef91bde5 (diff)
download	rspamd-4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec.tar.gz rspamd-4c2c4f0fdc54f9bdb5371a108c3dc7886e6c81ec.zip