unix-socket: disallow chdir() when creating unix domain sockets

Calls to `chdir()` are dangerous in a multi-threaded context.  If
`unix_stream_listen()` or `unix_stream_connect()` is given a socket
pathname that is too long to fit in a `sockaddr_un` structure, it will
`chdir()` to the parent directory of the requested socket pathname,
create the socket using a relative pathname, and then `chdir()` back.
This is not thread-safe.

Teach `unix_sockaddr_init()` to not allow calls to `chdir()` when the new
`disallow_chdir` flag is set.

Signed-off-by: Jeff Hostetler <jeffhost@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff Hostetler 2021-03-15 21:08:26 +00:00 committed by Junio C Hamano
parent 55144ccb0a
commit 77e522caae
3 changed files with 15 additions and 7 deletions


@ -14,7 +14,7 @@
static int send_request(const char *socket, const struct strbuf *out) static int send_request(const char *socket, const struct strbuf *out)
{ {
int got_data = 0; int got_data = 0;
int fd = unix_stream_connect(socket); int fd = unix_stream_connect(socket, 0);
if (fd < 0) if (fd < 0)
return -1; return -1;
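Review bot: The bare `0` in `int fd = unix_stream_connect(socket, 0);` gives a reader no hint which behaviour is being selected for the new flag, and the point of the commit is that one of the two choices is not thread-safe. A short comment at the call site would document the decision, e.g. `/* disallow_chdir = 0: keep the chdir() fallback for over-long socket paths */`. Whether this caller is single-threaded enough to tolerate the cwd change is not visible here and is worth stating in that comment. send_request's body continues outside the hunk.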


@ -30,16 +30,23 @@ static void unix_sockaddr_cleanup(struct unix_sockaddr_context *ctx)
} }
static int unix_sockaddr_init(struct sockaddr_un *sa, const char *path, static int unix_sockaddr_init(struct sockaddr_un *sa, const char *path,
struct unix_sockaddr_context *ctx) struct unix_sockaddr_context *ctx,
int disallow_chdir)
{ {
int size = strlen(path) + 1; int size = strlen(path) + 1;
ctx->orig_dir = NULL; ctx->orig_dir = NULL;
if (size > sizeof(sa->sun_path)) { if (size > sizeof(sa->sun_path)) {
const char *slash = find_last_dir_sep(path); const char *slash;
const char *dir; const char *dir;
struct strbuf cwd = STRBUF_INIT; struct strbuf cwd = STRBUF_INIT;
if (disallow_chdir) {
errno = ENAMETOOLONG;
return -1;
}
slash = find_last_dir_sep(path);
if (!slash) { if (!slash) {
errno = ENAMETOOLONG; errno = ENAMETOOLONG;
return -1; return -1;
@ -65,13 +72,13 @@ static int unix_sockaddr_init(struct sockaddr_un *sa, const char *path,
return 0; return 0;
} }
int unix_stream_connect(const char *path) int unix_stream_connect(const char *path, int disallow_chdir)
{ {
int fd = -1, saved_errno; int fd = -1, saved_errno;
struct sockaddr_un sa; struct sockaddr_un sa;
struct unix_sockaddr_context ctx; struct unix_sockaddr_context ctx;
if (unix_sockaddr_init(&sa, path, &ctx) < 0) if (unix_sockaddr_init(&sa, path, &ctx, disallow_chdir) < 0)
return -1; return -1;
fd = socket(AF_UNIX, SOCK_STREAM, 0); fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) if (fd < 0)
@ -101,7 +108,7 @@ int unix_stream_listen(const char *path,
unlink(path); unlink(path);
if (unix_sockaddr_init(&sa, path, &ctx) < 0) if (unix_sockaddr_init(&sa, path, &ctx, opts->disallow_chdir) < 0)
return -1; return -1;
fd = socket(AF_UNIX, SOCK_STREAM, 0); fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) if (fd < 0)
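Review bot: In `unix_stream_listen`, `unlink(path);` still runs before `unix_sockaddr_init(&sa, path, &ctx, opts->disallow_chdir)`, so with `disallow_chdir` set an over-long path removes any existing socket at that path and then fails with ENAMETOOLONG, leaving the caller with neither the old socket nor a new one. The length check that the new flag turns into the common failure could be made before the unlink, e.g. `if (opts->disallow_chdir && strlen(path) + 1 > sizeof(sa.sun_path)) { errno = ENAMETOOLONG; return -1; }` placed ahead of `unlink(path);`; the pre-existing no-slash case in unix_sockaddr_init has the same ordering problem, so this is not new but the flag makes it far easier to hit. The new early-return block in unix_sockaddr_init would also read better with a comment, e.g. `/* caller forbids the chdir() fallback: report the over-long path instead */`. unix_stream_listen's body starts and ends outside the hunk.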


@ -3,11 +3,12 @@
struct unix_stream_listen_opts { struct unix_stream_listen_opts {
int listen_backlog_size; int listen_backlog_size;
unsigned int disallow_chdir:1;
}; };
#define UNIX_STREAM_LISTEN_OPTS_INIT { 0 } #define UNIX_STREAM_LISTEN_OPTS_INIT { 0 }
int unix_stream_connect(const char *path); int unix_stream_connect(const char *path, int disallow_chdir);
int unix_stream_listen(const char *path, int unix_stream_listen(const char *path,
const struct unix_stream_listen_opts *opts); const struct unix_stream_listen_opts *opts);
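Review bot: The same flag is declared as `unsigned int disallow_chdir:1;` in `unix_stream_listen_opts` but as a plain `int disallow_chdir` parameter on `unix_stream_connect`, and neither declaration carries a comment saying what setting it does. A comment on both would help callers pick the right value, e.g. `/* fail with ENAMETOOLONG instead of chdir()-ing when the path does not fit in sun_path */`. Giving `unix_stream_connect` an opts struct like `unix_stream_listen` would keep the two entry points parallel and leave room for further options, though that is a wider change than this commit aims at.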