db, audit: audit symlinks (by hash of the link target)
parent
949d375aa9
commit
addae04c26
|
@ -77,7 +77,7 @@ static int add_main(void *ctx, struct apk_database *db, int argc, char **argv)
|
|||
}
|
||||
virtpkg->name = apk_db_get_name(db, APK_BLOB_STR(actx->virtpkg));
|
||||
apk_blob_checksum(APK_BLOB_STR(virtpkg->name->name),
|
||||
apk_default_checksum(), &virtpkg->csum);
|
||||
apk_checksum_default(), &virtpkg->csum);
|
||||
virtpkg->version = strdup("0");
|
||||
virtpkg->description = strdup("virtual meta package");
|
||||
apk_dep_from_pkg(&virtdep, db, virtpkg);
|
||||
|
|
|
@ -27,6 +27,7 @@ typedef int (*apk_blob_cb)(void *ctx, apk_blob_t blob);
|
|||
#define APK_CHECKSUM_NONE 0
|
||||
#define APK_CHECKSUM_MD5 16
|
||||
#define APK_CHECKSUM_SHA1 20
|
||||
#define APK_CHECKSUM_DEFAULT APK_CHECKSUM_SHA1
|
||||
|
||||
/* Internal cointainer for MD5 or SHA1 */
|
||||
struct apk_checksum {
|
||||
|
@ -34,12 +35,7 @@ struct apk_checksum {
|
|||
unsigned char type;
|
||||
};
|
||||
|
||||
static inline const EVP_MD *apk_default_checksum(void)
|
||||
{
|
||||
return EVP_sha1();
|
||||
}
|
||||
|
||||
static inline const EVP_MD *apk_get_digest(int type)
|
||||
static inline const EVP_MD *apk_checksum_evp(int type)
|
||||
{
|
||||
switch (type) {
|
||||
case APK_CHECKSUM_MD5:
|
||||
|
@ -50,6 +46,11 @@ static inline const EVP_MD *apk_get_digest(int type)
|
|||
return EVP_md_null();
|
||||
}
|
||||
|
||||
static inline const EVP_MD *apk_checksum_default(void)
|
||||
{
|
||||
return apk_checksum_evp(APK_CHECKSUM_DEFAULT);
|
||||
}
|
||||
|
||||
#define APK_BLOB_IS_NULL(blob) ((blob).ptr == NULL)
|
||||
|
||||
#define APK_BLOB_NULL ((apk_blob_t){0, NULL})
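Review bot: `apk_checksum_evp()` appears to fall back to `EVP_md_null()` for a type it does not recognise (the `return EVP_md_null();` line; the switch body is only partly visible here), and nothing in the header says so. This commit adds callers that set `csum.type` right after digesting, so the fallback is worth documenting on the function, for example `/* returns EVP_md_null() for unknown types; do not record the result as a real checksum */`. A one-line comment on `APK_CHECKSUM_DEFAULT` saying it is the type stored for symlink target hashes would help as well.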
|
||||
|
|
|
@ -205,7 +205,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
|
|||
/* callback parser function */
|
||||
if (teis.csum != NULL)
|
||||
EVP_DigestInit_ex(&teis.mdctx,
|
||||
apk_default_checksum(), NULL);
|
||||
apk_checksum_default(), NULL);
|
||||
|
||||
r = parser(ctx, &entry, &teis.is);
|
||||
free(entry.name);
|
||||
|
|
|
@ -1319,7 +1319,7 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t repository)
|
|||
if (apk_url_local_file(repo->url) == NULL) {
|
||||
char cacheitem[PATH_MAX];
|
||||
|
||||
apk_blob_checksum(repository, apk_default_checksum(), &repo->csum);
|
||||
apk_blob_checksum(repository, apk_checksum_default(), &repo->csum);
|
||||
|
||||
if (apk_flags & APK_UPDATE_CACHE)
|
||||
apk_repository_update(db, repo);
|
||||
|
@ -1567,6 +1567,16 @@ static int apk_db_install_archive_entry(void *_ctx,
|
|||
struct apk_db_dir_instance *ldiri;
|
||||
struct hlist_node *n;
|
||||
|
||||
if (S_ISLNK(ae->mode)) {
|
||||
EVP_Digest(ae->link_target,
|
||||
strlen(ae->link_target),
|
||||
file->csum.data, NULL,
|
||||
apk_checksum_default(),
|
||||
NULL);
|
||||
file->csum.type = APK_CHECKSUM_DEFAULT;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!apk_blob_rsplit(APK_BLOB_STR(ae->link_target),
|
||||
'/', &bdir, &bfile))
|
||||
break;
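Review bot: In the added `S_ISLNK(ae->mode)` branch the return value of `EVP_Digest()` is ignored and `file->csum.type` is set to `APK_CHECKSUM_DEFAULT` unconditionally, so a failed digest would leave whatever was in `file->csum.data` recorded as a valid checksum for later audits. Testing the result before assigning the type, e.g. `if (EVP_Digest(...) != 1) break;`, avoids that; the right failure action depends on the enclosing block, which starts outside the hunk. A comment such as `/* symlink csum = digest of the target string without NUL; must match apk_file_get_info() */` would also document the pairing with the audit-side computation in src/io.c.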
|
||||
|
|
15
src/io.c
15
src/io.c
|
@ -488,12 +488,25 @@ int apk_file_get_info(int atfd, const char *filename, unsigned int flags,
|
|||
if (checksum == APK_CHECKSUM_NONE)
|
||||
return 0;
|
||||
|
||||
if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
|
||||
char *target = alloca(st.st_size);
|
||||
if (target == NULL)
|
||||
return -ENOMEM;
|
||||
if (readlinkat(atfd, filename, target, st.st_size) < 0)
|
||||
return -errno;
|
||||
|
||||
EVP_Digest(target, st.st_size, fi->csum.data, NULL,
|
||||
apk_checksum_evp(checksum), NULL);
|
||||
fi->csum.type = checksum;
|
||||
return 0;
|
||||
}
|
||||
|
||||
bs = apk_bstream_from_file(atfd, filename);
|
||||
if (bs != NULL) {
|
||||
EVP_MD_CTX mdctx;
|
||||
apk_blob_t blob;
|
||||
|
||||
EVP_DigestInit(&mdctx, apk_get_digest(checksum));
|
||||
EVP_DigestInit(&mdctx, apk_checksum_evp(checksum));
|
||||
if (bs->flags & APK_BSTREAM_SINGLE_READ)
|
||||
EVP_MD_CTX_set_flags(&mdctx, EVP_MD_CTX_FLAG_ONESHOT);
|
||||
while (!APK_BLOB_IS_NULL(blob = bs->read(bs, APK_BLOB_NULL)))
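Review bot: The new symlink branch hashes `st.st_size` bytes but never uses the length that `readlinkat()` actually returned. If the link is replaced between the earlier stat (outside the hunk) and the read, or the filesystem reports a size that differs from the target length, the digest covers stack bytes that were never written. `alloca(st.st_size)` also takes its size from the filesystem with no upper bound, and the `target == NULL` test cannot catch a failure because alloca does not report one. A fixed-size buffer with the returned length passed to `EVP_Digest` avoids both problems and keeps the audited hash equal to the `strlen(ae->link_target)` hash stored at install time in apk_db_install_archive_entry. apk_file_get_info starts and ends outside the hunk.

```c
	if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
		char target[PATH_MAX];
		ssize_t len;

		len = readlinkat(atfd, filename, target, sizeof target);
		if (len < 0)
			return -errno;
		/* a completely filled buffer means the target may be truncated */
		if ((size_t)len >= sizeof target)
			return -ENAMETOOLONG;

		/* digest exactly the bytes that were read, not st.st_size */
		EVP_Digest(target, len, fi->csum.data, NULL,
			   apk_checksum_evp(checksum), NULL);
		/* ... unchanged: fi->csum.type assignment and return 0 ... */
	}
```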
|
||||
|
|