On Thu, Jan 13, 2011 at 04:02:47PM +0100, Henning Brauer wrote:
> the check is dirt cheap, so that is not the point.
>
> the aforementioned discussion is just being revived ;)
no problem then, here's the new one
--
Martin Pelikan
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.258
diff -u -p -r1.258 parse.y
--- parse.y 2 Sep 2010 14:03:21 -0000 1.258
+++ parse.y 13 Jan 2011 15:11:04 -0000
@@ -50,9 +50,8 @@ static struct file {
int lineno;
int errors;
} *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
int popfile(void);
-int check_file_secrecy(int, const char *);
int yyparse(void);
int yylex(void);
int yyerror(const char *, ...);
@@ -312,7 +311,7 @@ varset : STRING '=' string {
include : INCLUDE STRING {
struct file *nfile;
- if ((nfile = pushfile($2, 1)) == NULL) {
+ if ((nfile = pushfile($2)) == NULL) {
yyerror("failed to include file %s", $2);
free($2);
YYERROR;
@@ -2471,28 +2470,8 @@ nodigits:
return (c);
}
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
{
struct file *nfile;
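Review bot: With check_file_secrecy() deleted and the `secret` argument dropped from pushfile(), nothing visible in this patch validates the owner or mode of the main config file or of any `include`d file before the daemon parses it. A file that is group- or world-writable, or owned by an unrelated user, would then be accepted silently by a daemon that is typically started as root, and a config holding authentication keys could sit world-readable with no warning. If the intent is only to relax the readability requirement, I would keep the function and narrow the mode test to `if (st.st_mode & (S_IWGRP | S_IWOTH))`, leaving the owner check as it is. The same applies to the matching hunks in ospfd and ospf6d. pushfile()'s body continues outside this hunk.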
@@ -2511,13 +2490,6 @@ pushfile(const char *name, int secret)
free(nfile);
return (NULL);
}
- if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
- }
nfile->lineno = 1;
TAILQ_INSERT_TAIL(&files, nfile, entry);
return (nfile);
@@ -2558,7 +2530,7 @@ parse_config(char *filename, struct bgpd
conf->opts = xconf->opts;
conf->csock = strdup(SOCKET_NAME);
- if ((file = pushfile(filename, 1)) == NULL) {
+ if ((file = pushfile(filename)) == NULL) {
free(conf);
return (-1);
}
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.73
diff -u -p -r1.73 parse.y
--- parse.y 13 Dec 2010 13:43:37 -0000 1.73
+++ parse.y 13 Jan 2011 15:12:02 -0000
@@ -50,9 +50,8 @@ static struct file {
int lineno;
int errors;
} *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
int popfile(void);
-int check_file_secrecy(int, const char *);
int yyparse(void);
int yylex(void);
int yyerror(const char *, ...);
@@ -149,7 +148,7 @@ grammar : /* empty */
include : INCLUDE STRING {
struct file *nfile;
- if ((nfile = pushfile($2, 1)) == NULL) {
+ if ((nfile = pushfile($2)) == NULL) {
yyerror("failed to include file %s", $2);
free($2);
YYERROR;
@@ -999,28 +998,8 @@ nodigits:
return (c);
}
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
{
struct file *nfile;
@@ -1038,12 +1017,6 @@ pushfile(const char *name, int secret)
free(nfile->name);
free(nfile);
return (NULL);
- } else if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
}
nfile->lineno = 1;
TAILQ_INSERT_TAIL(&files, nfile, entry);
@@ -1092,7 +1065,7 @@ parse_config(char *filename, int opts)
conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
conf->spf_state = SPF_IDLE;
- if ((file = pushfile(filename, !(conf->opts & OSPFD_OPT_NOACTION))) ==
NULL) {
+ if ((file = pushfile(filename)) == NULL) {
free(conf);
return (NULL);
}
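Review bot: The removed call passed `!(conf->opts & OSPFD_OPT_NOACTION)`, so the check was already skipped when that option is set, and this change removes it only for the case where the daemon actually starts with the file. If the goal is to let a config test run on files with looser permissions (the mail does not say), the old call already covers that and can stay as `pushfile(filename, !(conf->opts & OSPFD_OPT_NOACTION))`. The ospf6d parse_config hunk is identical. parse_config() begins and ends outside the hunk.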
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.20
diff -u -p -r1.20 parse.y
--- parse.y 13 Dec 2010 13:43:37 -0000 1.20
+++ parse.y 13 Jan 2011 15:13:08 -0000
@@ -52,9 +52,8 @@ static struct file {
int lineno;
int errors;
} *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
int popfile(void);
-int check_file_secrecy(int, const char *);
int yyparse(void);
int yylex(void);
int yyerror(const char *, ...);
@@ -796,28 +795,8 @@ nodigits:
return (c);
}
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
{
struct file *nfile;
@@ -835,12 +814,6 @@ pushfile(const char *name, int secret)
free(nfile->name);
free(nfile);
return (NULL);
- } else if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
}
nfile->lineno = 1;
TAILQ_INSERT_TAIL(&files, nfile, entry);
@@ -887,7 +860,7 @@ parse_config(char *filename, int opts)
conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
conf->spf_state = SPF_IDLE;
- if ((file = pushfile(filename, !(conf->opts & OSPFD_OPT_NOACTION))) ==
NULL) {
+ if ((file = pushfile(filename)) == NULL) {
free(conf);
return (NULL);
}