From 1e7058d6f063b57ef93664ff89aca2d0c760bcd7 Mon Sep 17 00:00:00 2001 From: liubo Date: Tue, 24 May 2022 19:26:56 +0800 Subject: [PATCH 28/33] etmem: add config file permission check Add permission verification and file size check in the config file paring process. Signed-off-by: liubo --- etmem/inc/etmemd_inc/etmemd_common.h | 3 +++ etmem/src/etmemd_src/etmemd_common.c | 27 +++++++++++++++++++++++++++ etmem/src/etmemd_src/etmemd_rpc.c | 14 +++++++++++++- 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/etmem/inc/etmemd_inc/etmemd_common.h b/etmem/inc/etmemd_inc/etmemd_common.h index db71446..f3808b3 100644 --- a/etmem/inc/etmemd_inc/etmemd_common.h +++ b/etmem/inc/etmemd_inc/etmemd_common.h @@ -37,6 +37,7 @@ #define KB_TO_BYTE(s) ((s) << 10) #define GB_TO_KB(s) ((s) << 20) +#define MAX_CONFIG_FILE_SIZE (KB_TO_BYTE(10 * 1024)) #define MAX_SWAPCACHE_WMARK_VALUE 100 #define ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) @@ -83,4 +84,6 @@ int dprintf_all(int fd, const char *format, ...); int get_swap_threshold_inKB(const char *string, unsigned long *value); int file_permission_check(const char *file_path, mode_t mode); +int file_size_check(const char *file_path, off_t size); + #endif diff --git a/etmem/src/etmemd_src/etmemd_common.c b/etmem/src/etmemd_src/etmemd_common.c index ab9a05b..a12a43f 100644 --- a/etmem/src/etmemd_src/etmemd_common.c +++ b/etmem/src/etmemd_src/etmemd_common.c @@ -593,3 +593,30 @@ int file_permission_check(const char *file_path, mode_t mode) return 0; } +int file_size_check(const char *file_path, off_t size) +{ + struct stat buf = {0}; + + if (file_path == NULL || size <= 0) { + etmemd_log(ETMEMD_LOG_ERR, "file_size_check failed, invalid para\n"); + return -1; + } + + if (access(file_path, F_OK) != 0) { + etmemd_log(ETMEMD_LOG_ERR, "no such file: %s\n", file_path); + return -1; + } + + if (stat(file_path, &buf) != 0) { + etmemd_log(ETMEMD_LOG_ERR, "get file : %s stat failed.\n", file_path); + return -1; + } + + if (buf.st_size > size) { + etmemd_log(ETMEMD_LOG_WARN, "file : %s is too big.\n", file_path); + return -1; + } + + return 0; +} + diff --git a/etmem/src/etmemd_src/etmemd_rpc.c b/etmem/src/etmemd_src/etmemd_rpc.c index 6b23059..780ddce 100644 --- a/etmem/src/etmemd_src/etmemd_rpc.c +++ b/etmem/src/etmemd_src/etmemd_rpc.c @@ -181,13 +181,25 @@ static enum opt_result handle_obj_cmd(char *file_name, enum cmd_type type) return OPT_INVAL; } + if (file_permission_check(resolve_path, S_IRUSR) != 0 && + file_permission_check(resolve_path, S_IRUSR | S_IWUSR) != 0) { + etmemd_log(ETMEMD_LOG_ERR, "config file : %s permissions do not meet requirements." + "Only support 600 or 400\n", resolve_path); + return OPT_INVAL; + } + + if (file_size_check(resolve_path, MAX_CONFIG_FILE_SIZE) != 0) { + etmemd_log(ETMEMD_LOG_ERR, "config file: %s is too big.", resolve_path); + return OPT_INVAL; + } + config = g_key_file_new(); if (config == NULL) { etmemd_log(ETMEMD_LOG_ERR, "get empty config file fail\n"); return OPT_INTER_ERR; } - if (g_key_file_load_from_file(config, file_name, G_KEY_FILE_NONE, NULL) == FALSE) { + if (g_key_file_load_from_file(config, resolve_path, G_KEY_FILE_NONE, NULL) == FALSE) { etmemd_log(ETMEMD_LOG_ERR, "load config file fail\n"); ret = OPT_INTER_ERR; goto free_file; -- 1.8.3.1