Commit addae04c authored by Timo Teräs's avatar Timo Teräs

db, audit: audit symlinks (by hash of the link target)

parent 949d375a
......@@ -77,7 +77,7 @@ static int add_main(void *ctx, struct apk_database *db, int argc, char **argv)
}
virtpkg->name = apk_db_get_name(db, APK_BLOB_STR(actx->virtpkg));
apk_blob_checksum(APK_BLOB_STR(virtpkg->name->name),
apk_default_checksum(), &virtpkg->csum);
apk_checksum_default(), &virtpkg->csum);
virtpkg->version = strdup("0");
virtpkg->description = strdup("virtual meta package");
apk_dep_from_pkg(&virtdep, db, virtpkg);
......
......@@ -27,6 +27,7 @@ typedef int (*apk_blob_cb)(void *ctx, apk_blob_t blob);
#define APK_CHECKSUM_NONE 0
#define APK_CHECKSUM_MD5 16
#define APK_CHECKSUM_SHA1 20
#define APK_CHECKSUM_DEFAULT APK_CHECKSUM_SHA1
/* Internal cointainer for MD5 or SHA1 */
struct apk_checksum {
......@@ -34,12 +35,7 @@ struct apk_checksum {
unsigned char type;
};
static inline const EVP_MD *apk_default_checksum(void)
{
return EVP_sha1();
}
static inline const EVP_MD *apk_get_digest(int type)
static inline const EVP_MD *apk_checksum_evp(int type)
{
switch (type) {
case APK_CHECKSUM_MD5:
......@@ -50,6 +46,11 @@ static inline const EVP_MD *apk_get_digest(int type)
return EVP_md_null();
}
static inline const EVP_MD *apk_checksum_default(void)
{
return apk_checksum_evp(APK_CHECKSUM_DEFAULT);
}
#define APK_BLOB_IS_NULL(blob) ((blob).ptr == NULL)
#define APK_BLOB_NULL ((apk_blob_t){0, NULL})
......
......@@ -205,7 +205,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
/* callback parser function */
if (teis.csum != NULL)
EVP_DigestInit_ex(&teis.mdctx,
apk_default_checksum(), NULL);
apk_checksum_default(), NULL);
r = parser(ctx, &entry, &teis.is);
free(entry.name);
......
......@@ -1319,7 +1319,7 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t repository)
if (apk_url_local_file(repo->url) == NULL) {
char cacheitem[PATH_MAX];
apk_blob_checksum(repository, apk_default_checksum(), &repo->csum);
apk_blob_checksum(repository, apk_checksum_default(), &repo->csum);
if (apk_flags & APK_UPDATE_CACHE)
apk_repository_update(db, repo);
......@@ -1567,6 +1567,16 @@ static int apk_db_install_archive_entry(void *_ctx,
struct apk_db_dir_instance *ldiri;
struct hlist_node *n;
if (S_ISLNK(ae->mode)) {
EVP_Digest(ae->link_target,
strlen(ae->link_target),
file->csum.data, NULL,
apk_checksum_default(),
NULL);
file->csum.type = APK_CHECKSUM_DEFAULT;
break;
}
if (!apk_blob_rsplit(APK_BLOB_STR(ae->link_target),
'/', &bdir, &bfile))
break;
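Review bot: The result of `EVP_Digest()` in the new `S_ISLNK(ae->mode)` branch is ignored, and `file->csum.type = APK_CHECKSUM_DEFAULT;` runs unconditionally, so a failed digest would leave `file->csum.data` unfilled but recorded as a valid checksum that audit later compares against. I would set the type only when the call returns 1, and leave it as `APK_CHECKSUM_NONE` otherwise. `strlen(ae->link_target)` also assumes the target is non-NULL for every symlink entry; the enclosing block starts outside the hunk, so that guard may already exist and should be confirmed. A short comment such as `/* symlinks are audited by the hash of the target string, without the trailing NUL */` would record that the on-disk side must hash exactly the same bytes.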
......
......@@ -488,12 +488,25 @@ int apk_file_get_info(int atfd, const char *filename, unsigned int flags,
if (checksum == APK_CHECKSUM_NONE)
return 0;
if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
char *target = alloca(st.st_size);
if (target == NULL)
return -ENOMEM;
if (readlinkat(atfd, filename, target, st.st_size) < 0)
return -errno;
EVP_Digest(target, st.st_size, fi->csum.data, NULL,
apk_checksum_evp(checksum), NULL);
fi->csum.type = checksum;
return 0;
}
bs = apk_bstream_from_file(atfd, filename);
if (bs != NULL) {
EVP_MD_CTX mdctx;
apk_blob_t blob;
EVP_DigestInit(&mdctx, apk_get_digest(checksum));
EVP_DigestInit(&mdctx, apk_checksum_evp(checksum));
if (bs->flags & APK_BSTREAM_SINGLE_READ)
EVP_MD_CTX_set_flags(&mdctx, EVP_MD_CTX_FLAG_ONESHOT);
while (!APK_BLOB_IS_NULL(blob = bs->read(bs, APK_BLOB_NULL)))
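Review bot: The symlink branch hashes `st.st_size` bytes of `target` instead of the length `readlinkat()` returned. If the link changes after `st` was filled (that call is outside the hunk), or the filesystem reports a size that does not match the target, the digest covers uninitialised stack bytes and the audit result is unreliable. `alloca()` does not report failure by returning NULL, so the `-ENOMEM` check cannot fire, and the allocation size comes straight from filesystem metadata. The `EVP_Digest()` result is ignored while `fi->csum.type` is set regardless. A fixed buffer, the returned length and a checked digest call would cover all three, as sketched below; the error codes there are a suggestion, and the function body starts and ends outside the hunk.

```c
	if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
		char target[PATH_MAX];
		ssize_t len = readlinkat(atfd, filename, target, sizeof target);

		if (len < 0)
			return -errno;
		/* a completely filled buffer may mean the target was truncated */
		if ((size_t)len >= sizeof target)
			return -ENAMETOOLONG;
		if (EVP_Digest(target, (size_t)len, fi->csum.data, NULL,
			       apk_checksum_evp(checksum), NULL) != 1)
			return -EIO;
		/* … unchanged: set fi->csum.type and return 0 … */
	}
```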
......