 |
Make user/group-handling-code more robust - quark - quark web server |
 |
git clone git://git.suckless.org/quark |
 |
Log |
|
Files |
|
Refs |
|
LICENSE |
|
--- |
|
commit 660699492fb2275335d24fb26ec3c6529f623af0 |
|
parent b1dca4cf97d49750134fd98f0824f7913361c9c5 |
|
Author: Laslo Hunhold <[email protected]> |
|
Date: Sun, 9 Aug 2020 23:20:06 +0200 |
|
|
|
Make user/group-handling-code more robust |
|
|
|
As is there is no security issue, but _if_ we end up with a user |
|
or group set to NULL after e.g. ARGEND, we would've hit a null-pointer- |
|
dereference of grp in which is now line 311. |
|
|
|
What we want to check instead is if user or group are NULL respectively |
|
and throw an error. Consequently, we can remove the later checks in the |
|
drop root section, as we now guarantee that grp and pwd are not NULL. |
|
|
|
Signed-off-by: Laslo Hunhold <[email protected]> |
|
|
|
Diffstat: |
|
M main.c | 22 +++++++++++----------- |
|
|
|
1 file changed, 11 insertions(+), 11 deletions(-) |
|
--- |
|
diff --git a/main.c b/main.c |
|
@@ -271,8 +271,8 @@ main(int argc, char *argv[]) |
|
} |
|
|
|
if (udsname && (!access(udsname, F_OK) || errno != ENOENT)) { |
|
- die("UNIX-domain socket: %s", errno ? |
|
- strerror(errno) : "file exists"); |
|
+ die("UNIX-domain socket '%s': %s", udsname, errno ? |
|
+ strerror(errno) : "File exists"); |
|
} |
|
|
|
/* compile and check the supplied vhost regexes */ |
|
@@ -292,14 +292,14 @@ main(int argc, char *argv[]) |
|
|
|
/* validate user and group */ |
|
errno = 0; |
|
- if (user && !(pwd = getpwnam(user))) { |
|
- die("getpwnam '%s': %s", user, errno ? strerror(errno) : |
|
- "Entry not found"); |
|
+ if (!user || !(pwd = getpwnam(user))) { |
|
+ die("getpwnam '%s': %s", user ? user : "null", |
|
+ errno ? strerror(errno) : "Entry not found"); |
|
} |
|
errno = 0; |
|
- if (group && !(grp = getgrnam(group))) { |
|
- die("getgrnam '%s': %s", group, errno ? strerror(errno) : |
|
- "Entry not found"); |
|
+ if (!group || !(grp = getgrnam(group))) { |
|
+ die("getgrnam '%s': %s", group ? group : "null", |
|
+ errno ? strerror(errno) : "Entry not found"); |
|
} |
|
|
|
/* open a new process group */ |
|
@@ -337,13 +337,13 @@ main(int argc, char *argv[]) |
|
} |
|
|
|
/* drop root */ |
|
- if (grp && setgroups(1, &(grp->gr_gid)) < 0) { |
|
+ if (setgroups(1, &(grp->gr_gid)) < 0) { |
|
die("setgroups:"); |
|
} |
|
- if (grp && setgid(grp->gr_gid) < 0) { |
|
+ if (setgid(grp->gr_gid) < 0) { |
|
die("setgid:"); |
|
} |
|
- if (pwd && setuid(pwd->pw_uid) < 0) { |
|
+ if (setuid(pwd->pw_uid) < 0) { |
|
die("setuid:"); |
|
} |
|
