- added is_valid_dir() utility function for checking directory stat()/existence (this

is used for gpg keyring path validation). git-svn-id: file:///home/mbr/svn/fwknop/trunk@259 510a4753-2344-4c79-9c09-4d669213fbeb
2010-07-12 01:48:49 +00:00 · 2010-07-12 01:48:49 +00:00 · ed9170e506
commit ed9170e506
parent f03b2786eb
5 changed files with 52 additions and 3 deletions
--- a/server/access.c
+++ b/server/access.c
@ -769,7 +769,17 @@ parse_access_file(fko_srv_options_t *opts)
        }
        else if(CONF_VAR_IS(var, "GPG_HOME_DIR"))
        {
-            add_acc_string(&(curr_acc->gpg_home_dir), val);
+            if (is_valid_dir(val))
+            {
+                add_acc_string(&(curr_acc->gpg_home_dir), val);
+            }
+            else
+            {
+                fprintf(stderr,
+                    "[*] GPG_HOME_DIR directory '%s' stat()/existence problem in stanza source '%s' in access file: '%s'\n",
+                    val, curr_acc->source, opts->config[CONF_ACCESS_FILE]);
+                exit(EXIT_FAILURE);
+            }
        }
        else if(CONF_VAR_IS(var, "GPG_DECRYPT_ID"))
        {
--- a/server/config_init.c
+++ b/server/config_init.c
@ -452,7 +452,17 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
                opts->foreground = 1;
                break;
            case GPG_HOME_DIR:
-                set_config_entry(opts, CONF_GPG_HOME_DIR, optarg);
+                if (is_valid_dir(optarg))
+                {
+                    set_config_entry(opts, CONF_GPG_HOME_DIR, optarg);
+                }
+                else
+                {
+                    fprintf(stderr,
+                        "[*] Directory '%s' could not stat()/does not exist?\n",
+                        optarg);
+                    exit(EXIT_FAILURE);
+                }
                break;
            case GPG_KEY:
                set_config_entry(opts, CONF_GPG_KEY, optarg);
--- a/server/incoming_spa.c
+++ b/server/incoming_spa.c
@ -247,7 +247,16 @@ incoming_spa(fko_srv_options_t *opts)
            /* Set whatever GPG parameters we have.
            */
            if(acc->gpg_home_dir != NULL)
-                fko_set_gpg_home_dir(ctx, acc->gpg_home_dir);
+                res = fko_set_gpg_home_dir(ctx, acc->gpg_home_dir);
+                if(res != FKO_SUCCESS)
+                {
+                    log_msg(LOG_WARNING,
+                        "Error setting GPG keyring path to %s: %s",
+                        acc->gpg_home_dir,
+                        fko_errstr(res)
+                    );
+                    return(SPA_MSG_FKO_CTX_ERROR);
+                }

            if(acc->gpg_decrypt_id != NULL)
                fko_set_gpg_recipient(ctx, acc->gpg_decrypt_id);
--- a/server/utils.c
+++ b/server/utils.c
@ -136,4 +136,23 @@ dump_ctx(fko_ctx_t ctx)
    return(buf);
 }

+/* Basic directory checks (stat() and whether the path is actually
+ * a directory).
+*/
+int
+is_valid_dir(const char *path)
+{
+    struct stat     st;
+
+    /* If we are unable to stat the given dir, then return with error.
+    */
+    if(stat(path, &st) != 0)
+        return(0);
+
+    if(!S_ISDIR(st.st_mode))
+        return(0);
+
+    return(1);
+}
+
 /***EOF***/
--- a/server/utils.h
+++ b/server/utils.h
@ -34,6 +34,7 @@
 */
 void hex_dump(unsigned char *data, int size);
 char* dump_ctx(fko_ctx_t ctx);
+int is_valid_dir(const char *path);

 #ifdef WIN32
  /* Function prototypes we need for Windows