Browse code
Added a warning when plugins are specified without an absolute pathname.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2008/07/19 08:49:50Showing 3 changed files
| ... | ... |
@@ -1159,6 +1159,22 @@ delete_file (const char *filename) |
| 1159 | 1159 |
#endif |
| 1160 | 1160 |
} |
| 1161 | 1161 |
|
| 1162 |
+bool |
|
| 1163 |
+absolute_pathname (const char *pathname) |
|
| 1164 |
+{
|
|
| 1165 |
+ if (pathname) |
|
| 1166 |
+ {
|
|
| 1167 |
+ const int c = pathname[0]; |
|
| 1168 |
+#ifdef WIN32 |
|
| 1169 |
+ return c == '\\' || (isalpha(c) && pathname[1] == ':' && pathname[2] == '\\'); |
|
| 1170 |
+#else |
|
| 1171 |
+ return c == '/'; |
|
| 1172 |
+#endif |
|
| 1173 |
+ } |
|
| 1174 |
+ else |
|
| 1175 |
+ return false; |
|
| 1176 |
+} |
|
| 1177 |
+ |
|
| 1162 | 1178 |
/* |
| 1163 | 1179 |
* Return the next largest power of 2 |
| 1164 | 1180 |
* or u if u is a power of 2. |
| ... | ... |
@@ -217,6 +217,9 @@ const char *gen_path (const char *directory, const char *filename, struct gc_are |
| 217 | 217 |
/* delete a file, return true if succeeded */ |
| 218 | 218 |
bool delete_file (const char *filename); |
| 219 | 219 |
|
| 220 |
+/* return true if pathname is absolute */ |
|
| 221 |
+bool absolute_pathname (const char *pathname); |
|
| 222 |
+ |
|
| 220 | 223 |
/* return the next largest power of 2 */ |
| 221 | 224 |
unsigned int adjust_power_of_2 (unsigned int u); |
| 222 | 225 |
|
| ... | ... |
@@ -185,6 +185,8 @@ static void |
| 185 | 185 |
plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 186 | 186 |
{
|
| 187 | 187 |
struct gc_arena gc = gc_new (); |
| 188 |
+ bool rel = false; |
|
| 189 |
+ |
|
| 188 | 190 |
p->so_pathname = o->so_pathname; |
| 189 | 191 |
p->plugin_type_mask = plugin_supported_types (); |
| 190 | 192 |
|
| ... | ... |
@@ -192,7 +194,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 192 | 192 |
|
| 193 | 193 |
p->handle = NULL; |
| 194 | 194 |
#if defined(PLUGIN_LIBDIR) |
| 195 |
- if (!strrchr(p->so_pathname, '/')) |
|
| 195 |
+ if (!absolute_pathname (p->so_pathname)) |
|
| 196 | 196 |
{
|
| 197 | 197 |
char full[PATH_MAX]; |
| 198 | 198 |
|
| ... | ... |
@@ -201,6 +203,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 201 | 201 |
#if defined(ENABLE_PLUGIN_SEARCH) |
| 202 | 202 |
if (!p->handle) |
| 203 | 203 |
{
|
| 204 |
+ rel = true; |
|
| 204 | 205 |
p->handle = dlopen (p->so_pathname, RTLD_NOW); |
| 205 | 206 |
} |
| 206 | 207 |
#endif |
| ... | ... |
@@ -208,6 +211,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 208 | 208 |
else |
| 209 | 209 |
#endif |
| 210 | 210 |
{
|
| 211 |
+ rel = !absolute_pathname (p->so_pathname); |
|
| 211 | 212 |
p->handle = dlopen (p->so_pathname, RTLD_NOW); |
| 212 | 213 |
} |
| 213 | 214 |
if (!p->handle) |
| ... | ... |
@@ -217,6 +221,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 217 | 217 |
|
| 218 | 218 |
#elif defined(USE_LOAD_LIBRARY) |
| 219 | 219 |
|
| 220 |
+ rel = !absolute_pathname (p->so_pathname); |
|
| 220 | 221 |
p->module = LoadLibrary (p->so_pathname); |
| 221 | 222 |
if (!p->module) |
| 222 | 223 |
msg (M_ERR, "PLUGIN_INIT: could not load plugin DLL: %s", p->so_pathname); |
| ... | ... |
@@ -260,6 +265,9 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) |
| 260 | 260 |
else |
| 261 | 261 |
p->requested_initialization_point = OPENVPN_PLUGIN_INIT_PRE_DAEMON; |
| 262 | 262 |
|
| 263 |
+ if (rel) |
|
| 264 |
+ msg (M_WARN, "WARNING: plugin '%s' specified by a relative pathname -- using an absolute pathname would be more secure", p->so_pathname); |
|
| 265 |
+ |
|
| 263 | 266 |
p->initialized = true; |
| 264 | 267 |
|
| 265 | 268 |
gc_free (&gc); |