Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

sandbox: Correct fix for hs part of 12064

Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
Nick Mathewson 10 years ago
parent
5de91d118d
commit
824bebd409
3 changed files with 29 additions and 5 deletions
Split View Show Diff Stats
  1. 20 1
      src/or/main.c
  2. 7 3
      src/or/rendservice.c
  3. 2 1
      src/or/rendservice.h

+ 20 - 1
src/or/main.c
View File 

@@ -2833,7 +2833,6 @@ sandbox_init_filter(void)
 
   {
 
     smartlist_t *files = smartlist_new();
 
     tor_log_get_logfile_names(files);
 
-    rend_services_add_filenames_to_list(files);
 
     SMARTLIST_FOREACH(files, char *, file_name, {
 
       /* steals reference */
 
       sandbox_cfg_allow_open_filename(&cfg, file_name);
 
@@ -2841,6 +2840,26 @@ sandbox_init_filter(void)
 
     smartlist_free(files);
 
   }
 
 
+  {
 
+    smartlist_t *files = smartlist_new();
 
+    smartlist_t *dirs = smartlist_new();
 
+    rend_services_add_filenames_to_lists(files, dirs);
 
+    SMARTLIST_FOREACH(files, char *, file_name, {
 
+      char *tmp_name = NULL;
 
+      tor_asprintf(&tmp_name, "%s.tmp", file_name);
 
+      sandbox_cfg_allow_rename(&cfg,
 
+                               tor_strdup(tmp_name), tor_strdup(file_name));
 
+      /* steals references */
 
+      sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL);
 
+    });
 
+    SMARTLIST_FOREACH(dirs, char *, dir, {
 
+      /* steals reference */
 
+      sandbox_cfg_allow_stat_filename(&cfg, dir);
 
+    });
 
+    smartlist_free(files);
 
+    smartlist_free(dirs);
 
+  }
 
+
 
   {
 
     char *fname;
 
     if ((fname = get_controller_cookie_file_name())) {

+ 7 - 3
src/or/rendservice.c
View File 

@@ -670,14 +670,18 @@ rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
 
                          s->directory);
 
 }
 
 
-/** Add to <b>lst</b> every filename used by a configured hidden service */
 
+/** Add to <b>open_lst</b> every filename used by a configured hidden service,
 
+ * and to <b>stat_lst</b> every directory used by a configured hidden
 
+ * service */
 
 void
 
-rend_services_add_filenames_to_list(smartlist_t *lst)
 
+rend_services_add_filenames_to_lists(smartlist_t *open_lst,
 
+                                     smartlist_t *stat_lst)
 
 {
 
   if (!rend_service_list)
 
     return;
 
   SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
 
-    rend_service_add_filenames_to_list(lst, s);
 
+    rend_service_add_filenames_to_list(open_lst, s);
 
+    smartlist_add(stat_lst, tor_strdup(s->directory));
 
   } SMARTLIST_FOREACH_END(s);
 
 }

+ 2 - 1
src/or/rendservice.h
View File 

@@ -71,7 +71,8 @@ struct rend_intro_cell_s {
 
 int num_rend_services(void);
 
 int rend_config_services(const or_options_t *options, int validate_only);
 
 int rend_service_load_all_keys(void);
 
-void rend_services_add_filenames_to_list(smartlist_t *lst);
 
+void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
 
+                                          smartlist_t *stat_lst);
 
 void rend_services_introduce(void);
 
 void rend_consider_services_upload(time_t now);
 
 void rend_hsdir_routers_changed(void);