X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=unix%2Fuxmisc.c;h=e2c2de3232e05103fc7e5d8ddd39ee3b8bbde87f;hb=89da2ddf564a93414ee9ab2df3f053608094e417;hp=01e1299ddb36d5940246f4caf5acb3a4894ced3d;hpb=0395e52bb8db4b77e792ea1c46b2c0024c67986b;p=PuTTY.git

diff --git a/unix/uxmisc.c b/unix/uxmisc.c
index 01e1299d..e2c2de32 100644
--- a/unix/uxmisc.c
+++ b/unix/uxmisc.c
@@ -6,10 +6,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
+#include <errno.h>
 #include <unistd.h>
 #include <time.h>
 #include <sys/time.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <pwd.h>
 
 #include "putty.h"
@@ -29,7 +31,7 @@ unsigned long getticks(void)
         struct timespec ts;
         if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
             return ts.tv_sec * TICKSPERSEC +
-                ts.tv_nsec / (1000000 / TICKSPERSEC);
+                ts.tv_nsec / (1000000000 / TICKSPERSEC);
     }
 #endif
     {
@@ -96,7 +98,7 @@ Filename *filename_deserialise(void *vdata, int maxsize, int *used)
 #ifdef DEBUG
 static FILE *debug_fp = NULL;
 
-void dputs(char *buf)
+void dputs(const char *buf)
 {
     if (!debug_fp) {
 	debug_fp = fopen("debug.log", "w");
@@ -168,14 +170,70 @@ void pgp_fingerprints(void)
 }
 
 /*
- * Set FD_CLOEXEC on a file descriptor
+ * Set and clear fcntl options on a file descriptor. We don't
+ * realistically expect any of these operations to fail (the most
+ * plausible error condition is EBADF, but we always believe ourselves
+ * to be passing a valid fd so even that's an assertion-fail sort of
+ * response), so we don't make any effort to return sensible error
+ * codes to the caller - we just log to standard error and die
+ * unceremoniously. However, nonblock and no_nonblock do return the
+ * previous state of O_NONBLOCK.
  */
-int cloexec(int fd) {
+void cloexec(int fd) {
     int fdflags;
 
     fdflags = fcntl(fd, F_GETFD);
-    if (fdflags == -1) return -1;
-    return fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC);
+    if (fdflags < 0) {
+        fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+    if (fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC) < 0) {
+        fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+}
+void noncloexec(int fd) {
+    int fdflags;
+
+    fdflags = fcntl(fd, F_GETFD);
+    if (fdflags < 0) {
+        fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+    if (fcntl(fd, F_SETFD, fdflags & ~FD_CLOEXEC) < 0) {
+        fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+}
+int nonblock(int fd) {
+    int fdflags;
+
+    fdflags = fcntl(fd, F_GETFL);
+    if (fdflags < 0) {
+        fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+    if (fcntl(fd, F_SETFL, fdflags | O_NONBLOCK) < 0) {
+        fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+
+    return fdflags & O_NONBLOCK;
+}
+int no_nonblock(int fd) {
+    int fdflags;
+
+    fdflags = fcntl(fd, F_GETFL);
+    if (fdflags < 0) {
+        fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+    if (fcntl(fd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) {
+        fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+        exit(1);
+    }
+
+    return fdflags & O_NONBLOCK;
 }
 
 FILE *f_open(const Filename *filename, char const *mode, int is_private)
@@ -224,3 +282,34 @@ FontSpec *fontspec_deserialise(void *vdata, int maxsize, int *used)
     *used = end - data + 1;
     return fontspec_new(data);
 }
+
+char *make_dir_and_check_ours(const char *dirname)
+{
+    struct stat st;
+
+    /*
+     * Create the directory. We might have created it before, so
+     * EEXIST is an OK error; but anything else is doom.
+     */
+    if (mkdir(dirname, 0700) < 0 && errno != EEXIST)
+        return dupprintf("%s: mkdir: %s", dirname, strerror(errno));
+
+    /*
+     * Now check that that directory is _owned by us_ and not writable
+     * by anybody else. This protects us against somebody else
+     * previously having created the directory in a way that's
+     * writable to us, and thus manipulating us into creating the
+     * actual socket in a directory they can see so that they can
+     * connect to it and use our authenticated SSH sessions.
+     */
+    if (stat(dirname, &st) < 0)
+        return dupprintf("%s: stat: %s", dirname, strerror(errno));
+    if (st.st_uid != getuid())
+        return dupprintf("%s: directory owned by uid %d, not by us",
+                         dirname, st.st_uid);
+    if ((st.st_mode & 077) != 0)
+        return dupprintf("%s: directory has overgenerous permissions %03o"
+                         " (expected 700)", dirname, st.st_mode & 0777);
+
+    return NULL;
+}