search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
make a bunch of sparse missing prototype warnings go away
[trinity.git] / files.c
blobbc7ef937225d29315f2f4d8c62bf2e2ca454b68b
1 #include <ftw.h>
2 #include <stdio.h>
3 #include <stdlib.h>
4 #include <string.h>
5 #include <unistd.h>
6 #include <fcntl.h>
7 #include <dirent.h>
8 #include <errno.h>
9 #include <sys/types.h>
10 #include <sys/stat.h>
11
12 #include "trinity.h" // __unused__
13 #include "arch.h" // page_size
14 #include "constants.h"
15 #include "files.h"
16 #include "list.h"
17 #include "log.h"
18 #include "maps.h"
19 #include "params.h"
20 #include "random.h"
21 #include "shm.h"
22 #include "sanitise.h"
23 #include "uid.h"
24 #include "utils.h"
25
26 static int files_added = 0;
27 const char **fileindex;
28 unsigned int files_in_index = 0;
29
30 struct namelist {
31 struct list_head list;
32 const char *name;
33 };
34
35 static struct namelist *names = NULL;
36
37 static int ignore_files(const char *path)
38 {
39 unsigned int i, j;
40 unsigned int pathlen, offset = 0;
41
42 /* These are exact matches. */
43 const char *ignored_paths[] = {
44 ".", "..",
45
46 /* dangerous/noisy/annoying stuff in /proc */
47 "/proc/sysrq-trigger", "/proc/kmem", "/proc/kcore",
48
49 /* dangerous/noisy/annoying stuff in /dev */
50 "/dev/log", "/dev/mem", "/dev/kmsg",
51 NULL
52 };
53
54 /* Partial matches. */ //FIXME: This whole function should just use globs to pattern match.
55 const char *ignored_patterns[] = {
56
57 /* dangerous/noisy/annoying per-process stuff. */
58 "coredump_filter", "make-it-fail", "oom_adj", "oom_score_adj",
59 NULL
60 };
61
62 pathlen = strlen(path);
63
64 /* First do the exact matches */
65 for (i = 0; ignored_paths[i]; i++) {
66 if (strlen(ignored_paths[i]) != pathlen) {
67 continue;
68 }
69
70 if (!strcmp(path, ignored_paths[i])) {
71 debugf("Skipping %s\n", path);
72 return 1;
73 }
74 }
75
76 /* Now make sure none of the patterns match the end of the pathname */
77 for (j = 0; j < pathlen; j++) {
78 if (path[j] == '/')
79 offset = j;
80 }
81 offset++;
82
83 if (offset == 1)
84 return 0;
85
86 for (i = 0; ignored_patterns[i]; i++) {
87 if (!strcmp(path + offset, ignored_patterns[i])) {
88 debugf("Skipping pattern %s\n", path);
89 return 1;
90 }
91 }
92
93 /* special case to match tty* until I do globbing */
94 if (!strncmp(path + offset, "tty", 3)) {
95 debugf("Skipping %s\n", path);
96 return 1;
97 }
98 return 0;
99 }
100
101 static void add_to_namelist(const char *name)
102 {
103 struct namelist *newnode;
104 struct list_head *list = (struct list_head *) names;
105
106 newnode = zmalloc(sizeof(struct namelist));
107 newnode->name = strdup(name);
108 list_add_tail(&newnode->list, list);
109 }
110
111 static int check_stat_file(const struct stat *sb)
112 {
113 int openflag;
114 bool set_read = FALSE;
115 bool set_write = FALSE;
116 uid_t target_uid = orig_uid;
117 gid_t target_gid = orig_gid;
118
119 if (dropprivs == TRUE) {
120 target_uid = nobody_uid;
121 target_gid = nobody_gid;
122 }
123
124 if (S_ISLNK(sb->st_mode))
125 return -1;
126
127 if (sb->st_uid == target_uid) {
128 if (sb->st_mode & S_IRUSR)
129 set_read = TRUE;
130 if (sb->st_mode & S_IWUSR)
131 set_write = TRUE;
132 }
133
134 if (sb->st_gid == target_gid) {
135 if (sb->st_mode & S_IRGRP)
136 set_read = TRUE;
137 if (sb->st_mode & S_IWGRP)
138 set_write = TRUE;
139 }
140
141 if (sb->st_mode & S_IROTH)
142 set_read = TRUE;
143 if (sb->st_mode & S_IWOTH)
144 set_write = TRUE;
145
146
147 if ((set_read | set_write) == 0)
148 return -1;
149
150 if (set_read == TRUE)
151 openflag = O_RDONLY;
152 if (set_write == TRUE)
153 openflag = O_WRONLY;
154 if ((set_read == TRUE) && (set_write == TRUE))
155 openflag = O_RDWR;
156
157 if (S_ISDIR(sb->st_mode))
158 openflag = O_RDONLY;
159
160 return openflag;
161 }
162
163 static int file_tree_callback(const char *fpath, const struct stat *sb, __unused__ int typeflag, __unused__ struct FTW *ftwbuf)
164 {
165
166 if (ignore_files(fpath)) {
167 return FTW_SKIP_SUBTREE;
168 }
169
170 // Check we can read it.
171 if (check_stat_file(sb) == -1)
172 return FTW_CONTINUE;
173
174 if (shm->exit_reason != STILL_RUNNING)
175 return FTW_STOP;
176
177 add_to_namelist(fpath);
178 files_added++;
179
180 return FTW_CONTINUE;
181 }
182
183
184 static void open_fds(const char *dirpath)
185 {
186 int before = files_added;
187 int flags = FTW_DEPTH | FTW_ACTIONRETVAL | FTW_MOUNT;
188 int ret;
189
190 /* By default, don't follow symlinks so we only get each file once.
191 * But, if we do something like -V /lib, then follow it
192 *
193 * I'm not sure about this, might remove later.
194 */
195 if (victim_path == NULL)
196 flags |= FTW_PHYS;
197
198 ret = nftw(dirpath, file_tree_callback, 32, flags);
199 if (ret != 0) {
200 if (shm->exit_reason != EXIT_SIGINT)
201 output(0, "Something went wrong during nftw(%s). (%d:%s)\n",
202 dirpath, ret, strerror(errno));
203 return;
204 }
205
206 output(0, "Added %d filenames from %s\n", files_added - before, dirpath);
207 }
208
209 void generate_filelist(void)
210 {
211 unsigned int i = 0;
212 struct list_head *node;
213 struct namelist *nl;
214
215 names = zmalloc(sizeof(struct namelist));
216 INIT_LIST_HEAD(&names->list);
217
218 output(1, "Generating file descriptors\n");
219
220 if (victim_path != NULL) {
221 open_fds(victim_path);
222 } else {
223 open_fds("/dev");
224 open_fds("/proc");
225 open_fds("/sys");
226 }
227
228 if (shm->exit_reason != STILL_RUNNING)
229 return;
230
231 if (files_added == 0) {
232 output(1, "Didn't add any files!!\n");
233 return;
234 }
235
236 /* Generate an index of pointers to the filenames */
237
238 fileindex = malloc(sizeof(char *) * files_added);
239
240 list_for_each(node, &names->list) {
241 nl = (struct namelist *) node;
242 fileindex[i++] = nl->name;
243 }
244 files_in_index = i;
245 }
246
247 static int open_file(void)
248 {
249 int fd;
250 int ret;
251 const char *filename;
252 int flags;
253 const char *modestr;
254 struct stat sb;
255
256 retry:
257 filename = get_filename();
258 ret = lstat(filename, &sb);
259 if (ret == -1)
260 goto retry;
261
262 flags = check_stat_file(&sb);
263 if (flags == -1)
264 goto retry;
265
266 fd = open(filename, flags | O_NONBLOCK);
267 if (fd < 0) {
268 output(2, "Couldn't open %s : %s\n", filename, strerror(errno));
269 return fd;
270 }
271
272 switch (flags) {
273 case O_RDONLY: modestr = "read-only"; break;
274 case O_WRONLY: modestr = "write-only"; break;
275 case O_RDWR: modestr = "read-write"; break;
276 default: modestr = "unknown"; break;
277 }
278 output(2, "fd[%i] = %s (%s)\n", fd, filename, modestr);
279 return fd;
280 }
281
282 void open_files(void)
283 {
284 unsigned int i, nr_to_open;
285
286 if (files_in_index < NR_FILE_FDS)
287 nr_to_open = files_in_index;
288 else
289 nr_to_open = NR_FILE_FDS;
290
291 if (fileindex == NULL) /* this can happen if we ctrl-c'd */
292 return;
293
294 for (i = 0; i < nr_to_open; i++) {
295 int fd;
296
297 fd = open_file();
298
299 shm->file_fds[i] = fd;
300 nr_file_fds++;
301 }
302 }
303
304 void close_files(void)
305 {
306 unsigned int i;
307
308 shm->current_fd = 0;
309 shm->fd_lifetime = 0;
310
311 // FIXME: Does this need locking? At the least, check for NULL fd's
312 for (i = 0; i < nr_file_fds; i++) {
313 int fd;
314
315 fd = shm->file_fds[i];
316 shm->file_fds[i] = 0;
317 if (fd != 0)
318 close(fd);
319 }
320
321 nr_file_fds = 0;
322 }
323
324 const char * get_filename(void)
325 {
326 if (files_in_index == 0) /* This can happen if we run with -n. Should we do something else ? */
327 return NULL;
328
329 return fileindex[rand() % files_in_index];
330 }
Linux systemcall fuzzer