fix security issue that predictable filenames with system
This commit is contained in:
parent
42b8efbe94
commit
1534ab472a
|
|
@ -32,6 +32,8 @@
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <sys/syslog.h>
|
#include <sys/syslog.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
#include <errno.h>
|
||||||
|
|
||||||
//获取网络接口名
|
//获取网络接口名
|
||||||
ifname *kylin_network_get_ifacename()
|
ifname *kylin_network_get_ifacename()
|
||||||
|
|
@ -194,19 +196,43 @@ activecon *kylin_network_get_activecon_info()
|
||||||
struct passwd *pwd;
|
struct passwd *pwd;
|
||||||
pwd = getpwuid(getuid());
|
pwd = getpwuid(getuid());
|
||||||
char *name = pwd->pw_name;
|
char *name = pwd->pw_name;
|
||||||
char *tmpPrefix = "/tmp/kylin-nm-activecon-";
|
char tmpTemplate[] = "/tmp/kylin-nm-activecon-XXXXXX";
|
||||||
char *chr = "nmcli connection show -active > ";
|
int fd = mkstemp(tmpTemplate);
|
||||||
|
if (fd == -1) {
|
||||||
|
syslog(LOG_ERR, "mkstemp() failed in kylin_network_get_activecon_info: %s", strerror(errno));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
char *cmd;
|
pid_t pid = fork();
|
||||||
asprintf(&cmd, "%s%s%s", chr, tmpPrefix, name);
|
if (pid == -1) {
|
||||||
char *path;
|
syslog(LOG_ERR, "fork() in kylin_network_get_activecon_info failed");
|
||||||
asprintf(&path, "%s%s", tmpPrefix, name);
|
close(fd);
|
||||||
int status = system(cmd);
|
unlink(tmpTemplate);
|
||||||
if (status != 0)
|
return NULL;
|
||||||
syslog(LOG_ERR, "execute 'nmcli connection show -active' in function 'kylin_network_get_activecon_info' failed");
|
} else if (pid == 0) {
|
||||||
free(cmd);
|
//Child process
|
||||||
|
dup2(fd, STDOUT_FILENO);
|
||||||
|
close(fd);
|
||||||
|
|
||||||
char *filename = path;
|
execlp("nmcli", "nmcli", "connection", "show", "--active",(char *)NULL);
|
||||||
|
|
||||||
|
// If execlp() fails
|
||||||
|
syslog(LOG_ERR, "execlp() failed");
|
||||||
|
_exit(EXIT_FAILURE);
|
||||||
|
} else {
|
||||||
|
// Parent process
|
||||||
|
int status;
|
||||||
|
waitpid(pid, &status, 0);
|
||||||
|
if (status !=0 ) {
|
||||||
|
syslog(LOG_ERR, "execute 'nmcli connection show --active' in 'kylin_network_get_activecon_info' failed");
|
||||||
|
close(fd);
|
||||||
|
unlink(tmpTemplate);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
close(fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
char *filename = strdup(tmpTemplate);
|
||||||
|
|
||||||
FILE *activefp;
|
FILE *activefp;
|
||||||
int activenum=0;
|
int activenum=0;
|
||||||
|
|
@ -233,7 +259,6 @@ activecon *kylin_network_get_activecon_info()
|
||||||
printf("error!");
|
printf("error!");
|
||||||
|
|
||||||
}
|
}
|
||||||
free(path);
|
|
||||||
|
|
||||||
fgets(StrLine,1024,fp);
|
fgets(StrLine,1024,fp);
|
||||||
while(!feof(fp))
|
while(!feof(fp))
|
||||||
|
|
@ -325,6 +350,8 @@ activecon *kylin_network_get_activecon_info()
|
||||||
}
|
}
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
|
||||||
|
unlink(tmpTemplate);
|
||||||
|
|
||||||
activelist[count].con_name=NULL;
|
activelist[count].con_name=NULL;
|
||||||
activelist[count].type=NULL;
|
activelist[count].type=NULL;
|
||||||
activelist[count].dev=NULL;
|
activelist[count].dev=NULL;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue