Author: hrs
Date: Thu Jul 23 20:01:56 2015
New Revision: 285827
URL: https://svnweb.freebsd.org/changeset/base/285827

Log:
  MFC r285261, r285279:
  
  - Fix offset calculation in variable substitution
    in jail.conf.  The following did not work correctly:
  
   A="A_${B}_C_${D}"
   B="BBBBB"
   D="DDDD_${E}_FFFFF"
   E="EEEEE"
  
  - Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
    jail.conf parameters.  This flag disallows redefinition of the parameter.
  
    "name" and/or "jid" are automatically defined in jail.conf by using
    the jail names at the front of jail parameter definitions.  However,
    one could override them by using a variable with the same name like
    $name = "foo".  This confused the parser and could end up with SIGSEGV.
  
    Note that this change also affects the case where all of the parameters
    are defined in the command line arguments, not in jail.conf.  Specifically,
    "jail -c name=j1 name=j2" no longer works.  This should be harmless.
  
  Approved by:  re (gjb)

Modified:
  stable/10/usr.sbin/jail/config.c
  stable/10/usr.sbin/jail/jailp.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/jail/config.c
==============================================================================
--- stable/10/usr.sbin/jail/config.c    Thu Jul 23 20:00:20 2015        
(r285826)
+++ stable/10/usr.sbin/jail/config.c    Thu Jul 23 20:01:56 2015        
(r285827)
@@ -111,8 +111,8 @@ static const struct ipspec intparams[] =
 #ifdef INET6
     [KP_IP6_ADDR] =            {"ip6.addr",            0},
 #endif
-    [KP_JID] =                 {"jid",                 0},
-    [KP_NAME] =                        {"name",                0},
+    [KP_JID] =                 {"jid",                 PF_IMMUTABLE},
+    [KP_NAME] =                        {"name",                PF_IMMUTABLE},
     [KP_PATH] =                        {"path",                0},
     [KP_PERSIST] =             {"persist",             0},
     [KP_SECURELEVEL] =         {"securelevel",         0},
@@ -130,9 +130,8 @@ load_config(void)
        struct cfjail *j, *tj, *wj;
        struct cfparam *p, *vp, *tp;
        struct cfstring *s, *vs, *ns;
-       struct cfvar *v;
+       struct cfvar *v, *vv;
        char *ep;
-       size_t varoff;
        int did_self, jseq, pgen;
 
        if (!strcmp(cfname, "-")) {
@@ -191,7 +190,6 @@ load_config(void)
                    p->gen = ++pgen;
                find_vars:
                    TAILQ_FOREACH(s, &p->val, tq) {
-                       varoff = 0;
                        while ((v = STAILQ_FIRST(&s->vars))) {
                                TAILQ_FOREACH(vp, &j->params, tq)
                                        if (!strcmp(vp->name, v->name))
@@ -233,11 +231,13 @@ load_config(void)
                                        goto bad_var;
                                }
                                s->s = erealloc(s->s, s->len + vs->len + 1);
-                               memmove(s->s + v->pos + varoff + vs->len,
-                                   s->s + v->pos + varoff,
-                                   s->len - (v->pos + varoff) + 1);
-                               memcpy(s->s + v->pos + varoff, vs->s, vs->len);
-                               varoff += vs->len;
+                               memmove(s->s + v->pos + vs->len,
+                                   s->s + v->pos,
+                                   s->len - v->pos + 1);
+                               memcpy(s->s + v->pos, vs->s, vs->len);
+                               vv = v;
+                               while ((vv = STAILQ_NEXT(vv, tq)))
+                                       vv->pos += vs->len;
                                s->len += vs->len;
                                while ((vs = TAILQ_NEXT(vs, tq))) {
                                        ns = emalloc(sizeof(struct cfstring));
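Review bot: The new shift loop `while ((vv = STAILQ_NEXT(vv, tq))) vv->pos += vs->len;` and the memmove above it depend on two invariants that the hunk neither states nor checks. Every entry after `v` on `s->vars` must sit at or after `v->pos` in the string, and `v->pos` must not exceed `s->len`. If these are unsigned sizes, as the removed `size_t varoff` suggests, a larger `v->pos` makes `s->len - v->pos + 1` wrap and the memmove run past the buffer that erealloc just sized. I would add a comment such as `/* s->vars is ordered by pos; shift the entries after the insertion point */` and, unless the lexer already guarantees the bound, a guard like `if (v->pos > s->len) goto bad_var;` before the memmove. load_config's body starts and ends outside the hunk, so where `pos` is assigned is not visible here.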
@@ -362,6 +362,11 @@ add_param(struct cfjail *j, const struct
                                break;
        if (dp != NULL) {
                /* Found it - append or replace. */
+               if (dp->flags & PF_IMMUTABLE) {
+                       jail_warnx(j, "cannot redefine variable \"%s\".",
+                           dp->name);
+                       return;
+               }
                if (strcmp(dp->name, name)) {
                        free(dp->name);
                        dp->name = estrdup(name);
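Review bot: The new `return` in the `dp->flags & PF_IMMUTABLE` branch leaves add_param with nothing but a warning, and the earlier part of the function is outside the hunk, so two things need confirming. If the value strings were already copied or allocated before the lookup that sets `dp`, they should be freed before returning. The rejected override should also count as a configuration error rather than letting the jail proceed silently with the original `name`/`jid`, so check that `jail_warnx` marks the jail as failed. A comment above the check, for example `/* name and jid come from the jail definition; refuse later overrides */`, would record why the early exit is there.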

Modified: stable/10/usr.sbin/jail/jailp.h
==============================================================================
--- stable/10/usr.sbin/jail/jailp.h     Thu Jul 23 20:00:20 2015        
(r285826)
+++ stable/10/usr.sbin/jail/jailp.h     Thu Jul 23 20:01:56 2015        
(r285827)
@@ -51,6 +51,7 @@
 #define PF_INT         0x20    /* Integer parameter */
 #define PF_CONV                0x40    /* Parameter duplicated in converted 
form */
 #define PF_REV         0x80    /* Run commands in reverse order on stopping */
+#define        PF_IMMUTABLE    0x100   /* Immutable parameter */
 
 #define JF_START       0x0001  /* -c */
 #define JF_SET         0x0002  /* -m */
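Review bot: `PF_IMMUTABLE` at 0x100 is the first PF_ flag visible in this hunk that does not fit in eight bits. Every field that stores these flags (the `intparams` table entries and the per-parameter `flags` tested in add_param) must be wider than a char, or the new check silently never fires. Those declarations are outside the hunk, so confirm their types. The comment could also say what the flag enforces, e.g. `/* Parameter cannot be redefined once set */`.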