etmem/0078-etmem-add-config-file-permission-check.patch

From 1e7058d6f063b57ef93664ff89aca2d0c760bcd7 Mon Sep 17 00:00:00 2001
From: liubo <liubo254@huawei.com>
Date: Tue, 24 May 2022 19:26:56 +0800
Subject: [PATCH 28/33] etmem: add config file permission check

Add permission verification and file size check in the
config file paring process.

Signed-off-by: liubo <liubo254@huawei.com>
---
 etmem/inc/etmemd_inc/etmemd_common.h |  3 +++
 etmem/src/etmemd_src/etmemd_common.c | 27 +++++++++++++++++++++++++++
 etmem/src/etmemd_src/etmemd_rpc.c    | 14 +++++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/etmem/inc/etmemd_inc/etmemd_common.h b/etmem/inc/etmemd_inc/etmemd_common.h
index db71446..f3808b3 100644
--- a/etmem/inc/etmemd_inc/etmemd_common.h
+++ b/etmem/inc/etmemd_inc/etmemd_common.h
@@ -37,6 +37,7 @@
 #define KB_TO_BYTE(s)                   ((s) << 10)
 #define GB_TO_KB(s)                     ((s) << 20)
 
+#define MAX_CONFIG_FILE_SIZE            (KB_TO_BYTE(10 * 1024))
 #define MAX_SWAPCACHE_WMARK_VALUE       100
 
 #define ARRAY_SIZE(array)               (sizeof(array) / sizeof((array)[0]))
@@ -83,4 +84,6 @@ int dprintf_all(int fd, const char *format, ...);
 
 int get_swap_threshold_inKB(const char *string, unsigned long *value);
 int file_permission_check(const char *file_path, mode_t mode);
+int file_size_check(const char *file_path, off_t size);
+
 #endif
diff --git a/etmem/src/etmemd_src/etmemd_common.c b/etmem/src/etmemd_src/etmemd_common.c
index ab9a05b..a12a43f 100644
--- a/etmem/src/etmemd_src/etmemd_common.c
+++ b/etmem/src/etmemd_src/etmemd_common.c
@@ -593,3 +593,30 @@ int file_permission_check(const char *file_path, mode_t mode)
     return 0;
 }
 
+int file_size_check(const char *file_path, off_t size)
+{
+    struct stat buf = {0};
+
+    if (file_path == NULL || size <= 0) {
+        etmemd_log(ETMEMD_LOG_ERR, "file_size_check failed, invalid para\n");
+        return -1;
+    }
+
+    if (access(file_path, F_OK) != 0) {
+        etmemd_log(ETMEMD_LOG_ERR, "no such file: %s\n", file_path);
+        return -1;
+    }
+
+    if (stat(file_path, &buf) != 0) {
+        etmemd_log(ETMEMD_LOG_ERR, "get file : %s stat failed.\n", file_path);
+        return -1;
+    }
+
+    if (buf.st_size > size) {
+        etmemd_log(ETMEMD_LOG_WARN, "file : %s is too big.\n", file_path);
+        return -1;
+    }
+
+    return 0;
+}
+
diff --git a/etmem/src/etmemd_src/etmemd_rpc.c b/etmem/src/etmemd_src/etmemd_rpc.c
index 6b23059..780ddce 100644
--- a/etmem/src/etmemd_src/etmemd_rpc.c
+++ b/etmem/src/etmemd_src/etmemd_rpc.c
@@ -181,13 +181,25 @@ static enum opt_result handle_obj_cmd(char *file_name, enum cmd_type type)
         return OPT_INVAL;
     }
 
+    if (file_permission_check(resolve_path, S_IRUSR) != 0 &&
+        file_permission_check(resolve_path, S_IRUSR | S_IWUSR) != 0) {
+        etmemd_log(ETMEMD_LOG_ERR, "config file : %s permissions do not meet requirements."
+                                   "Only support 600 or 400\n", resolve_path);
+        return OPT_INVAL;
+    }
+
+    if (file_size_check(resolve_path, MAX_CONFIG_FILE_SIZE) != 0) {
+        etmemd_log(ETMEMD_LOG_ERR, "config file: %s is too big.", resolve_path);
+        return OPT_INVAL;
+    }
+
     config = g_key_file_new();
     if (config == NULL) {
         etmemd_log(ETMEMD_LOG_ERR, "get empty config file fail\n");
         return OPT_INTER_ERR;
     }
 
-    if (g_key_file_load_from_file(config, file_name, G_KEY_FILE_NONE, NULL) == FALSE) {
+    if (g_key_file_load_from_file(config, resolve_path, G_KEY_FILE_NONE, NULL) == FALSE) {
         etmemd_log(ETMEMD_LOG_ERR, "load config file fail\n");
         ret = OPT_INTER_ERR;
         goto free_file;
-- 
1.8.3.1