Marek Marczykowski-Górecki
d0a23bdd09
debian: O_TMPFILE already defined
2015-02-01 03:06:47 +01:00
Marek Marczykowski-Górecki
bbdb5ed67f
filecopy: fix handling ENOENT error
Do not fail when the file was successfully created.
I will test before commit. I will test before commit. I will...
2015-01-23 00:21:36 +01:00
Marek Marczykowski-Górecki
d88242bb99
filecopy: really do not use O_TMPFILE when use_tmpfile==0
When a file is opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally, it is a waste of time trying to use O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
2015-01-21 16:05:19 +01:00
Marek Marczykowski-Górecki
72069d8526
filecopy: create new file inaccessible to the user until fully written
Otherwise the source domain can modify (append to) the file while the user
is already accessing it. While incoming files should be treated as
untrusted, this problem could allow file modification after the user
makes some sanity checks.
2015-01-11 05:39:25 +01:00
Davíð Steinn Geirsson
bc75b6559b
Use xenstore.h when xen >= 4.2
2014-07-23 04:32:46 +02:00
Marek Marczykowski-Górecki
821a1c2fe9
qrexec-lib: use _exit in child process to not fire atexit hooks
Otherwise it would remove qrexec socket.
2014-05-19 16:52:27 +02:00
Marek Marczykowski-Górecki
b8b4e105c0
qrexec-lib: return unsigned where only non-negative value is returned
2014-02-19 20:52:24 +01:00
Marek Marczykowski-Górecki
b12f1539a4
Add -Wextra -Werror to all C code
Not only the security-critical one.
2014-02-16 11:10:38 +01:00
Marek Marczykowski-Górecki
12a9049cfe
Fix some more -Wextra warnings
2014-02-16 11:10:31 +01:00
Vincent Penquerc'h
03c9cb1388
Add a few consts where appropriate
2014-02-16 11:08:22 +01:00
Vincent Penquerc'h
9f3a74fd77
unpack: prevent ability to bypass the byte limit
By passing an empty file with a declared negative size,
a hostile VM can decrease the total bytes counter, while
not having to supply a huge amount of data, thus disabling
the byte size check, and potentially filling the target
filesystem.
2014-02-15 14:14:20 +01:00
Marek Marczykowski-Górecki
516815a266
qrexec-lib: make it shared library
2014-02-07 05:29:59 +01:00
Marek Marczykowski-Górecki
113826aa1a
qrexec-lib: use registered callbacks
...instead of exported symbols of a certain name. This is the first step to
change it to shared libraries.
2014-02-07 05:27:29 +01:00
Marek Marczykowski-Górecki
1c6f44d7fa
qrexec-lib: fix compile warnings
2014-02-07 05:26:52 +01:00
Vincent Penquerc'h
f7e943f7ec
txrx-vchan: guard against invalid buffer sizes from libvchan
These APIs can now return -1 when invalid indices are detected.
2014-01-21 20:57:20 +01:00
Marek Marczykowski-Górecki
e36f03db2d
unix-server: do not check for unlink() error when creating socket
The socket most likely does not exist yet.
2014-01-07 00:27:57 +01:00
Vincent Penquerc'h
a2e4f9a8aa
ioall: do not reset file flags when they're already as requested
This was changed on a copy of that file elsewhere, might as well
keep this in sync too.
2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
3a39c65e3e
linux-utils: misc const/prototype fixups
2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
af78e8d9e8
unpack: count directory and symlink sizes
Also do not rely on unpack being called just once if we don't
have to and initialize counts.
Since we don't know directory size before populating with files,
we just accumulate the size on the second pass, but do not actually
check for the limit being reached. If there's any file after that,
that'll trip the check.
2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
77d34c3096
unix-server: guard against buffer overflow
sun_path is fairly small, and while the input is a smaller constant,
you never know how that might change.
2014-01-06 14:40:56 +01:00
Vincent Penquerc'h
21154a3e6b
unix-server: some error checking
2014-01-06 14:40:56 +01:00
Vincent Penquerc'h
9192aa041d
buffer.c: guard against bad input
The byte limit would be hit if adding one byte to a buffer
that's half the limit, due to the temporary double copy.
Not sure if that's something that's worth changing.
2014-01-06 14:40:56 +01:00
Marek Marczykowski-Górecki
21612bfadf
qrexec-lib: add support for verbose mode (echo just processed file)
2013-11-13 10:35:47 +01:00
Marek Marczykowski-Górecki
761305bc8b
qrexec-lib: check files limit before processing the file
Off-by-one error.
2013-11-13 10:35:23 +01:00
Marek Marczykowski-Górecki
2ee40f16c2
qrexec-lib: fail peer_client_init call when domain dies
Don't wait indefinitely.
2013-10-27 16:06:26 +01:00
Marek Marczykowski-Górecki
2739340559
qrexec-lib: fix memory leak
If xs_read returns a pointer to an empty string (len==0), then it was leaked.
2013-10-27 16:05:32 +01:00
Marek Marczykowski-Górecki
a73be3f126
qubes-rpc/filecopy: send last processed filename for diagnostic purposes
This will ease solving transfer problems - the sender will know at which
file it failed.
2013-08-14 21:28:50 +02:00
Marek Marczykowski-Górecki
5131810265
qubes-rpc/filecopy: use explicit struct alignment
This is much more readable than guessing the exact struct packing done by
gcc on x86_64.
2013-08-14 21:26:37 +02:00
Marek Marczykowski-Górecki
138d7899d9
Remove duplicated filecopy.h header
The same also exists as libqubes-rpc-filecopy.h.
2013-08-14 21:25:30 +02:00
Marek Marczykowski
42e133b753
Qrexec common code, qubes.Filecopy common code, udev scripts
2013-03-20 06:27:32 +01:00