On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote:
> Howdy.
>
> Attached is a patch to address a TOCTOU issue with checking to
> ensure disks are regular files, reported by jca@ .
>
> Comments? Ok?
>
> +--+
> Carlos
> Index: config.c
> ===================================================================
> RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v
> retrieving revision 1.38
> diff -u -p -a -u -r1.38 config.c
> --- config.c 3 Jan 2018 05:39:56 -0000 1.38
> +++ config.c 4 Jan 2018 03:55:47 -0000
> @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct
> /* Open disk images for child */
> for (i = 0 ; i < vcp->vcp_ndisks; i++) {
> /* Stat disk[i] to ensure it is a regular file */
> - if (stat(vcp->vcp_disks[i], &stat_buf) == -1) {
> + if ((diskfds[i] =
> + open(vcp->vcp_disks[i], O_RDWR)) == -1) {
O_RDONLY? Or do we actually support the SCSI write commands (ala
writing ISO images?)
> log_warn("%s: can't open disk %s", __func__,
> vcp->vcp_disks[i]);
> errno = VMD_DISK_MISSING;
> goto fail;
> }
> - if (S_ISREG(stat_buf.st_mode) == 0) {
> - log_warn("%s: disk %s is not a regular file", __func__,
> + if (fstat(diskfds[i], &stat_buf) == -1) {
> + log_warn("%s: can't open disk %s", __func__,
> vcp->vcp_disks[i]);
> - errno = VMD_DISK_INVALID;
> + errno = VMD_DISK_MISSING;
I'd probably stick with INVALID here since technically the image is not
really "missing"
> goto fail;
> }
> - if ((diskfds[i] =
> - open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> - log_warn("%s: can't open disk %s", __func__,
> + if (S_ISREG(stat_buf.st_mode) == 0) {
> + log_warn("%s: disk %s is not a regular file", __func__,
> vcp->vcp_disks[i]);
> - errno = VMD_DISK_MISSING;
> + errno = VMD_DISK_INVALID;
> goto fail;
> }
> }
ok mlarkin otherwise
