Junio C Hamano schrieb:
> Johannes Sixt <j.sixt@xxxxxxxxxxxxx> writes:
>
>> Any request to the daemon would fail if either interpolated-path or
>> base-path (if specified) would not be absolute. Hence, we can check those
>> paths for validity upfront and not start the daemon at all if the paths are
>> invalid.
>>
>> Additionally, we now check that the base-path is an existing directory.
>
> Looks good. Thanks.
I just discovered that this patch is crap. Please drop it!
We must not remove the checks from path_ok() because they verify the
*client-supplied* part of the path, which must be absolute.
Nevertheless, it would be useful to verify that --base-path points to an
existing directory. What I actually wanted to implement is this:
-- >8 --
daemon: ensure that base-path is an existing directory
Any request to the daemon would fail if base-path (if specified) is not
a directory. We now check for this condition early.
Signed-off-by: Johannes Sixt <johannes.sixt@xxxxxxxxxx>
---
daemon.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/daemon.c b/daemon.c
index dd0177f..2b4a6f1 100644
--- a/daemon.c
+++ b/daemon.c
@@ -1184,6 +1184,14 @@ int main(int argc, char **argv)
if (strict_paths && (!ok_paths || !*ok_paths))
die("option --strict-paths requires a whitelist");
+ if (base_path) {
+ struct stat st;
+
+ if (stat(base_path, &st) || !S_ISDIR(st.st_mode))
+ die("base-path '%s' does not exist or "
+ "is not a directory", base_path);
+ }
+
if (inetd_mode) {
struct sockaddr_storage ss;
struct sockaddr *peer = (struct sockaddr *)&ss;
--
1.5.4.3.231.g5d43e
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
