commit 824bebd40954d2f766a7b37e6b4d206f9b682ed9 Author: Nick Mathewson <nickm@torproject.org> Date: Fri May 23 11:46:44 2014 -0400 sandbox: Correct fix for hs part of 12064 Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor --- src/or/main.c | 21 ++++++++++++++++++++- src/or/rendservice.c | 10 +++++++--- src/or/rendservice.h | 3 ++- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/or/main.c b/src/or/main.c index 4ac7781..8b79c42 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2833,7 +2833,6 @@ sandbox_init_filter(void) { smartlist_t *files = smartlist_new(); tor_log_get_logfile_names(files); - rend_services_add_filenames_to_list(files); SMARTLIST_FOREACH(files, char *, file_name, { /* steals reference */ sandbox_cfg_allow_open_filename(&cfg, file_name); @@ -2842,6 +2841,26 @@ sandbox_init_filter(void) } { + smartlist_t *files = smartlist_new(); + smartlist_t *dirs = smartlist_new(); + rend_services_add_filenames_to_lists(files, dirs); + SMARTLIST_FOREACH(files, char *, file_name, { + char *tmp_name = NULL; + tor_asprintf(&tmp_name, "%s.tmp", file_name); + sandbox_cfg_allow_rename(&cfg, + tor_strdup(tmp_name), tor_strdup(file_name)); + /* steals references */ + sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL); + }); + SMARTLIST_FOREACH(dirs, char *, dir, { + /* steals reference */ + sandbox_cfg_allow_stat_filename(&cfg, dir); + }); + smartlist_free(files); + smartlist_free(dirs); + } + + { char *fname; if ((fname = get_controller_cookie_file_name())) { sandbox_cfg_allow_open_filename(&cfg, fname); diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 631e2a0..a7c1e32 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -670,14 +670,18 @@ rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s) s->directory); } -/** Add to <b>lst</b> every filename used by a configured hidden service */ +/** Add to <b>open_lst</b> every filename used by a configured hidden service, + * and to <b>stat_lst</b> every directory used by a configured hidden + * service */ void -rend_services_add_filenames_to_list(smartlist_t *lst) +rend_services_add_filenames_to_lists(smartlist_t *open_lst, + smartlist_t *stat_lst) { if (!rend_service_list) return; SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) { - rend_service_add_filenames_to_list(lst, s); + rend_service_add_filenames_to_list(open_lst, s); + smartlist_add(stat_lst, tor_strdup(s->directory)); } SMARTLIST_FOREACH_END(s); } diff --git a/src/or/rendservice.h b/src/or/rendservice.h index e8a9536..40198b0 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -71,7 +71,8 @@ struct rend_intro_cell_s { int num_rend_services(void); int rend_config_services(const or_options_t *options, int validate_only); int rend_service_load_all_keys(void); -void rend_services_add_filenames_to_list(smartlist_t *lst); +void rend_services_add_filenames_to_lists(smartlist_t *open_lst, + smartlist_t *stat_lst); void rend_services_introduce(void); void rend_consider_services_upload(time_t now); void rend_hsdir_routers_changed(void);