Re: unbound-anchor: problem with unveiling temporary anchor file

Mon, 07 Oct 2019 03:49:10 -0700 

On 2019/10/07 12:30, Florian Obser wrote:
> On Mon, Oct 07, 2019 at 11:16:22AM +0100, Stuart Henderson wrote:
> > On 2019/10/07 09:53, Theo Buehler wrote:
> > > $ doas /usr/sbin/unbound-anchor -v
> > > /var/unbound/db/root.key has content
> > > [1570433629] libunbound[28321:0] fatal error: could not open autotrust 
> > > file for writing, /var/unbound/db/root.key.28321-0-1966ee948e00: No such 
> > > file or directory
> > > 
> > > The problem is the following change that came with the update to 1.9.3:
> > > 
> > >         - Add hex print of trust anchor pointer to trust anchor file temp
> > >           name to make it unique, for libunbound created multiple 
> > > contexts.
> > > 
> > > See 
> > > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/validator/autotrust.c.diff?r1=1.10&r2=1.11
> > > 
> > > Thus, the unveil code in smallapp/unbound-anchor.c needs some
> > > adjustment.
> > > 
> > >   if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file,
> > >       getpid()) == -1) {
> > >           if(verb) printf("out of memory\n");
> > >           exit(0);
> > >   }
> > > 
> > >   if (unveil(root_anchor_file, "rwc") == -1)
> > >           err(1, "unveil");
> > >   if (unveil(root_anchor_tempfile, "rwc") == -1)
> > >           err(1, "unveil");
> > > 
> > > The problem is that tp used for tempfile generation is not yet known at
> > > that point. Not sure how best to deal with this.
> > 
> > Just unveil the directory?
> 
> yes, however dirname(3) has this:
> 
> CAVEATS
>      Other vendor implementations of dirname() may modify the contents of the
>      string passed to dirname(); this should be taken into account when
>      writing code which calls this function if portability is desired.
> 
> I think we want a strdup here.

done, though it is openbsd-only code (and added some frees).

Index: smallapp/unbound-anchor.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-anchor.c,v
retrieving revision 1.12
diff -u -p -r1.12 unbound-anchor.c
--- smallapp/unbound-anchor.c   10 Jan 2019 12:13:44 -0000      1.12
+++ smallapp/unbound-anchor.c   7 Oct 2019 10:47:14 -0000
@@ -116,6 +116,7 @@
  */
 
 #include <err.h>
+#include <libgen.h>
 #include <unistd.h>
 
 #include "config.h"
@@ -2284,7 +2285,8 @@ int main(int argc, char* argv[])
        const char* res_conf = NULL;
        const char* root_hints = NULL;
        const char* debugconf = NULL;
-       char* root_anchor_tempfile;
+       char* root_anchor_temppath;
+       char* s;
        int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
        int res_conf_fallback = 0;
        /* parse the options */
@@ -2370,16 +2372,16 @@ int main(int argc, char* argv[])
 
        if(dolist) do_list_builtin();
 
-       if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file,
-           getpid()) == -1) {
+       s = strdup(root_anchor_file);
+       if (s == NULL ||
+           asprintf(&root_anchor_temppath, "%s", dirname(s)) == -1) {
                if(verb) printf("out of memory\n");
                exit(0);
        }
-
-       if (unveil(root_anchor_file, "rwc") == -1)
-               err(1, "unveil");
-       if (unveil(root_anchor_tempfile, "rwc") == -1)
+       if (unveil(root_anchor_temppath, "rwc") == -1)
                err(1, "unveil");
+       free(root_anchor_temppath);
+       free(s);
        if (unveil(root_cert_file, "r") == -1)
                err(1, "unveil");
        if (res_conf != NULL && unveil(res_conf, "r") == -1)

Reply via email to