sandbox: Correct fix for hs part of 12064

Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2025-02-24 06:48:05 +01:00 · 2014-05-23 11:46:44 -04:00 · 2014-05-23 11:46:44 -04:00 · 824bebd409
commit 824bebd409
parent 5de91d118d
3 changed files with 29 additions and 5 deletions
--- a/src/or/main.c
+++ b/src/or/main.c
@ -2833,7 +2833,6 @@ sandbox_init_filter(void)
  {
    smartlist_t *files = smartlist_new();
    tor_log_get_logfile_names(files);
-    rend_services_add_filenames_to_list(files);
    SMARTLIST_FOREACH(files, char *, file_name, {
      /* steals reference */
      sandbox_cfg_allow_open_filename(&cfg, file_name);
@ -2841,6 +2840,26 @@ sandbox_init_filter(void)
    smartlist_free(files);
  }

+  {
+    smartlist_t *files = smartlist_new();
+    smartlist_t *dirs = smartlist_new();
+    rend_services_add_filenames_to_lists(files, dirs);
+    SMARTLIST_FOREACH(files, char *, file_name, {
+      char *tmp_name = NULL;
+      tor_asprintf(&tmp_name, "%s.tmp", file_name);
+      sandbox_cfg_allow_rename(&cfg,
+                               tor_strdup(tmp_name), tor_strdup(file_name));
+      /* steals references */
+      sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL);
+    });
+    SMARTLIST_FOREACH(dirs, char *, dir, {
+      /* steals reference */
+      sandbox_cfg_allow_stat_filename(&cfg, dir);
+    });
+    smartlist_free(files);
+    smartlist_free(dirs);
+  }
+
  {
    char *fname;
    if ((fname = get_controller_cookie_file_name())) {
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -670,14 +670,18 @@ rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
                         s->directory);
 }

-/** Add to <b>lst</b> every filename used by a configured hidden service */
+/** Add to <b>open_lst</b> every filename used by a configured hidden service,
+ * and to <b>stat_lst</b> every directory used by a configured hidden
+ * service */
 void
-rend_services_add_filenames_to_list(smartlist_t *lst)
+rend_services_add_filenames_to_lists(smartlist_t *open_lst,
+                                     smartlist_t *stat_lst)
 {
  if (!rend_service_list)
    return;
  SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
-    rend_service_add_filenames_to_list(lst, s);
+    rend_service_add_filenames_to_list(open_lst, s);
+    smartlist_add(stat_lst, tor_strdup(s->directory));
  } SMARTLIST_FOREACH_END(s);
 }

--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@ -71,7 +71,8 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
-void rend_services_add_filenames_to_list(smartlist_t *lst);
+void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
+                                          smartlist_t *stat_lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);