[Pkg-gnupg-commit] [gnupg2] 59/205: g13: Run mount after dmsetup.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 11 08:38:15 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit f26867928c451443769fecc41c3283e077e8c49f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Feb 22 10:56:27 2016 +0100

    g13: Run mount after dmsetup.
    
    * g13/g13-syshelp.c (main): Reject userids with a slash.
    * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
    mountpoint is known.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g13/g13-syshelp.c | 26 +++++++++++++++++---------
 g13/sh-dmcrypt.c  | 40 ++++++++++++++++++++++++++++++++++------
 2 files changed, 51 insertions(+), 15 deletions(-)

diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c
index b31964e..645730f 100644
--- a/g13/g13-syshelp.c
+++ b/g13/g13-syshelp.c
@@ -512,15 +512,23 @@ main ( int argc, char **argv)
           ctrl.client.uid = (uid_t)myuid;
       }
 
-      pwd = getpwuid (ctrl.client.uid);
-      if (!pwd || !*pwd->pw_name)
-        {
-          log_info ("WARNING: Name for UID not found: %s\n", strerror (errno));
-          ctrl.fail_all_cmds = 1;
-          ctrl.client.uname = xstrdup ("?");
-        }
-      else
-        ctrl.client.uname = xstrdup (pwd->pw_name);
+    pwd = getpwuid (ctrl.client.uid);
+    if (!pwd || !*pwd->pw_name)
+      {
+        log_info ("WARNING: Name for UID not found: %s\n", strerror (errno));
+        ctrl.fail_all_cmds = 1;
+        ctrl.client.uname = xstrdup ("?");
+      }
+    else
+      ctrl.client.uname = xstrdup (pwd->pw_name);
+
+    /* Check that the user name does not contain a directory
+       separator. */
+    if (strchr (ctrl.client.uname, '/'))
+      {
+        log_info ("WARNING: Invalid user name passed\n");
+        ctrl.fail_all_cmds = 1;
+      }
   }
 #else /*!HAVE_PWD_H || !HAVE_GETPWUID*/
   log_info ("WARNING: System does not support required syscalls\n");
diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c
index e4d67ae..9510a81 100644
--- a/g13/sh-dmcrypt.c
+++ b/g13/sh-dmcrypt.c
@@ -532,7 +532,8 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
                             tupledesc_t keyblob)
 {
   gpg_error_t err;
-  char *targetname = NULL;
+  char *targetname_abs = NULL;
+  const char *targetname;
   char hexkey[16*2+1];
   char *table = NULL;
   unsigned long long nblocks, nblocks2;
@@ -615,14 +616,19 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
 
   /* Device mapper needs a name for the device: Take it from the label
      or use "0".  */
-  targetname = strconcat ("g13-", ctrl->client.uname, "-",
-                          ctrl->devti->label? ctrl->devti->label : "0",
-                          NULL);
-  if (!targetname)
+  targetname_abs = strconcat ("/dev/mapper/",
+                              "g13-", ctrl->client.uname, "-",
+                              ctrl->devti->label? ctrl->devti->label : "0",
+                              NULL);
+  if (!targetname_abs)
     {
       err = gpg_error_from_syserror ();
       goto leave;
     }
+  targetname = strrchr (targetname_abs, '/');
+  if (!targetname)
+    BUG ();
+  targetname++;
 
   /* Get the algorithm string.  */
   algostr = find_tuple (keyblob, KEYBLOB_TAG_ALGOSTR, &algostrlen);
@@ -675,6 +681,28 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
     }
   if (result && *result)
     log_debug ("dmsetup result: %s\n", result);
+  xfree (result);
+  result = NULL;
+
+  /* Mount if a mountpoint has been given.  */
+  if (ctrl->devti->mountpoint)
+    {
+      const char *argv[3];
+
+      argv[0] = targetname_abs;
+      argv[1] = ctrl->devti->mountpoint;
+      argv[2] = NULL;
+      log_debug ("now running \"mount %s %s\"\n",
+                 targetname_abs, ctrl->devti->mountpoint);
+      err = gnupg_exec_tool ("/bin/mount", argv, NULL, &result, NULL);
+      if (err)
+        {
+          log_error ("error running mount: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+      if (result && *result)  /* (We should not see output to stdout).  */
+        log_info ("WARNING: mount returned data on stdout! (%s)\n", result);
+    }
 
 
  leave:
@@ -684,7 +712,7 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
       wipememory (table, strlen (table));
       xfree (table);
     }
-  xfree (targetname);
+  xfree (targetname_abs);
   xfree (result);
   return err;
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git



More information about the Pkg-gnupg-commit mailing list