1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
/* indir.c
See if a file is in a directory.
Copyright (C) 1992 Ian Lance Taylor
This file is part of the Taylor UUCP package.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
The author of the program may be contacted at ian@airs.com.
*/
#include "uucp.h"
#include "uudefs.h"
#include "sysdep.h"
#include "system.h"
#include <errno.h>
�
/* See whether a file is in a directory, and optionally check access. */
boolean
fsysdep_in_directory (zfile, zdir, fcheck, freadable, zuser)
const char *zfile;
const char *zdir;
boolean fcheck;
boolean freadable;
const char *zuser;
{
size_t c;
char *zcopy, *zslash;
struct stat s;
if (*zfile != '/')
return FALSE;
c = strlen (zdir);
if (c > 0 && zdir[c - 1] == '/')
c--;
if (strncmp (zfile, zdir, c) != 0
|| (zfile[c] != '/' && zfile[c] != '\0'))
return FALSE;
if (strstr (zfile + c, "/../") != NULL)
return FALSE;
/* If we're not checking access, get out now. */
if (! fcheck)
return TRUE;
zcopy = zbufcpy (zfile);
/* Start checking directories after zdir. Otherwise, we would
require that all directories down to /usr/spool/uucppublic be
publically searchable; they probably are but it should not be a
requirement. */
zslash = zcopy + c;
do
{
char b;
struct stat shold;
b = *zslash;
*zslash = '\0';
shold = s;
if (stat (zcopy, &s) != 0)
{
if (errno != ENOENT)
{
ulog (LOG_ERROR, "stat (%s): %s", zcopy, strerror (errno));
ubuffree (zcopy);
return FALSE;
}
/* If this is the top directory, any problems will be caught
later when we try to open it. */
if (zslash == zcopy + c)
{
ubuffree (zcopy);
return TRUE;
}
/* Go back and check the last directory for read or write
access. */
s = shold;
break;
}
/* If this is not a directory, get out of the loop. */
if (! S_ISDIR (s.st_mode))
break;
/* Make sure the directory is searchable. */
if (! fsuser_access (&s, X_OK, zuser))
{
ulog (LOG_ERROR, "%s: %s", zcopy, strerror (EACCES));
ubuffree (zcopy);
return FALSE;
}
/* If we've reached the end of the string, get out. */
if (b == '\0')
break;
*zslash = b;
}
while ((zslash = strchr (zslash + 1, '/')) != NULL);
/* At this point s holds a stat on the last component of the path.
We must check it for readability or writeability. */
if (! fsuser_access (&s, freadable ? R_OK : W_OK, zuser))
{
ulog (LOG_ERROR, "%s: %s", zcopy, strerror (EACCES));
ubuffree (zcopy);
return FALSE;
}
ubuffree (zcopy);
return TRUE;
}
|
