author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-18 23:49:50 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-18 23:49:50 +0000 |
commit | d1dcc3e706c5e7de69e79e70a3c431ca4ce27881 (patch) | |
tree | 474fbb8f0eeccf306581f0d07bea55c5cf42c6bc | |
parent | Reverted some recent buffer.[ch] changes, including r3058 (except for (diff) | |
Added a warning when plugins are specified without
an absolute pathname.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | misc.c | 16 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | plugin.c | 10 |
3 files changed, 28 insertions, 1 deletions
@@ -1159,6 +1159,22 @@ delete_file (const char *filename) #endif } +bool +absolute_pathname (const char *pathname) +{ + if (pathname) + { + const int c = pathname[0]; +#ifdef WIN32 + return c == '\\' || (isalpha(c) && pathname[1] == ':' && pathname[2] == '\\'); +#else + return c == '/'; +#endif + } + else + return false; +} + /* * Return the next largest power of 2 * or u if u is a power of 2. @@ -217,6 +217,9 @@ const char *gen_path (const char *directory, const char *filename, struct gc_are /* delete a file, return true if succeeded */ bool delete_file (const char *filename); +/* return true if pathname is absolute */ +bool absolute_pathname (const char *pathname); + /* return the next largest power of 2 */ unsigned int adjust_power_of_2 (unsigned int u); @@ -185,6 +185,8 @@ static void plugin_init_item (struct plugin *p, const struct plugin_option *o) { struct gc_arena gc = gc_new (); + bool rel = false; + p->so_pathname = o->so_pathname; p->plugin_type_mask = plugin_supported_types (); @@ -192,7 +194,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) p->handle = NULL; #if defined(PLUGIN_LIBDIR) - if (!strrchr(p->so_pathname, '/')) + if (!absolute_pathname (p->so_pathname)) { char full[PATH_MAX]; @@ -201,6 +203,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) #if defined(ENABLE_PLUGIN_SEARCH) if (!p->handle) { + rel = true; p->handle = dlopen (p->so_pathname, RTLD_NOW); } #endif @@ -208,6 +211,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) else #endif { + rel = !absolute_pathname (p->so_pathname); p->handle = dlopen (p->so_pathname, RTLD_NOW); } if (!p->handle) @@ -217,6 +221,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) #elif defined(USE_LOAD_LIBRARY) + rel = !absolute_pathname (p->so_pathname); p->module = LoadLibrary (p->so_pathname); if (!p->module) msg (M_ERR, "PLUGIN_INIT: could not load plugin DLL: %s", p->so_pathname); 
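Review bot: In `absolute_pathname` the WIN32 branch hands `c` to `isalpha()` after `const int c = pathname[0];`, so where plain `char` is signed a byte above 0x7F arrives as a negative value, which is undefined behaviour for the `<ctype.h>` functions. Reading the byte as `const int c = (unsigned char) pathname[0];` avoids that. The same branch accepts a single leading backslash (`c == '\\'`) as absolute, although on Windows such a path is still resolved against the current drive, so the relative-path warning is suppressed for a name that is not fully qualified. A comment on the function should list the accepted forms and note that `C:/...` with forward slashes is reported as relative. Whether misc.c already includes `<ctype.h>` is not visible in this hunk.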
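Review bot: In the plugin.c hunk at -192, replacing `!strrchr(p->so_pathname, '/')` with `!absolute_pathname (p->so_pathname)` widens the PLUGIN_LIBDIR branch from bare file names to every relative path, including ones with a directory part such as `sub/x.so` or `../x.so`. The code that fills `full` lies outside the hunk, but if it simply joins PLUGIN_LIBDIR and `so_pathname`, a `..` component now resolves outside the plugin directory. A path that used to be opened relative to the working directory would also be looked up under PLUGIN_LIBDIR first. If that is intended, say so above the test, e.g. `/* any non-absolute name is tried under PLUGIN_LIBDIR first */`; otherwise keep the old no-slash condition for the libdir lookup and use `absolute_pathname` only to set `rel`.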
@@ -260,6 +265,9 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) else p->requested_initialization_point = OPENVPN_PLUGIN_INIT_PRE_DAEMON; + if (rel) + msg (M_WARN, "WARNING: plugin '%s' specified by a relative pathname -- using an absolute pathname would be more secure", p->so_pathname); + p->initialized = true; gc_free (&gc); |
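Review bot: The `if (rel) msg (M_WARN, ...)` pair sits at the end of `plugin_init_item`, after the `dlopen` and `LoadLibrary` calls in the earlier hunks have already mapped the library and run its load-time code. A module resolved through the loader's search path therefore executes before anything is logged. If `msg (M_ERR, ...)` on the load-failure paths does not return, the warning is also never printed when a relative name fails to resolve. Moving the warning to the three places where `rel` is set, immediately before each load call, keeps the log entry ahead of the load. The part of the function between the load and this hunk is not visible here.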