[tor-commits] [tor/master] sandbox: Correct fix for hs part of 12064

Fri May 23 15:47:50 UTC 2014

commit 824bebd40954d2f766a7b37e6b4d206f9b682ed9
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri May 23 11:46:44 2014 -0400

    sandbox: Correct fix for hs part of 12064
    
    Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
---
 src/or/main.c        |   21 ++++++++++++++++++++-
 src/or/rendservice.c |   10 +++++++---
 src/or/rendservice.h |    3 ++-
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/or/main.c b/src/or/main.c
index 4ac7781..8b79c42 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2833,7 +2833,6 @@ sandbox_init_filter(void)
   {
     smartlist_t *files = smartlist_new();
     tor_log_get_logfile_names(files);
-    rend_services_add_filenames_to_list(files);
     SMARTLIST_FOREACH(files, char *, file_name, {
       /* steals reference */
       sandbox_cfg_allow_open_filename(&cfg, file_name);
@@ -2842,6 +2841,26 @@ sandbox_init_filter(void)
   }
 
   {
+    smartlist_t *files = smartlist_new();
+    smartlist_t *dirs = smartlist_new();
+    rend_services_add_filenames_to_lists(files, dirs);
+    SMARTLIST_FOREACH(files, char *, file_name, {
+      char *tmp_name = NULL;
+      tor_asprintf(&tmp_name, "%s.tmp", file_name);
+      sandbox_cfg_allow_rename(&cfg,
+                               tor_strdup(tmp_name), tor_strdup(file_name));
+      /* steals references */
+      sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL);
+    });
+    SMARTLIST_FOREACH(dirs, char *, dir, {
+      /* steals reference */
+      sandbox_cfg_allow_stat_filename(&cfg, dir);
+    });
+    smartlist_free(files);
+    smartlist_free(dirs);
+  }
+
+  {
     char *fname;
     if ((fname = get_controller_cookie_file_name())) {
       sandbox_cfg_allow_open_filename(&cfg, fname);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 631e2a0..a7c1e32 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -670,14 +670,18 @@ rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
                          s->directory);
 }
 
-/** Add to <b>lst</b> every filename used by a configured hidden service */
+/** Add to <b>open_lst</b> every filename used by a configured hidden service,
+ * and to <b>stat_lst</b> every directory used by a configured hidden
+ * service */
 void
-rend_services_add_filenames_to_list(smartlist_t *lst)
+rend_services_add_filenames_to_lists(smartlist_t *open_lst,
+                                     smartlist_t *stat_lst)
 {
   if (!rend_service_list)
     return;
   SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
-    rend_service_add_filenames_to_list(lst, s);
+    rend_service_add_filenames_to_list(open_lst, s);
+    smartlist_add(stat_lst, tor_strdup(s->directory));
   } SMARTLIST_FOREACH_END(s);
 }
 
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index e8a9536..40198b0 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -71,7 +71,8 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
-void rend_services_add_filenames_to_list(smartlist_t *lst);
+void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
+                                          smartlist_t *stat_lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);

