coolkey/patches/02-machdep.cpp.patch

	02-machdep.cpp.patch revision 6399
6399N/AUpstream fixes already included in the latest updates to coolkey v1.1.0
6399N/A
6399N/AAddresses cache directory, memory leak and compiler issues.
6399N/AAdded MAP_FILE definiton for Solaris.
6399N/A
6399N/A--- ORIGINAL/./src/coolkey/machdep.cpp  2016-06-24 16:07:19.527102431 -0400
6399N/A+++ ././src/coolkey/machdep.cpp 2016-06-27 13:36:57.607064368 -0400
6399N/A@@ -33,8 +33,18 @@
6399N/A #include <sys/stat.h>
6399N/A #include <sys/mman.h>
6399N/A #include <pthread.h>
6399N/A+#include <string.h>
6399N/A+#include <stdlib.h>
6399N/A #endif
6399N/A
6399N/A+bool OSLock::needThread = 0;
6399N/A+
6399N/A+// Solaris specific - MAP_FILE needs to be defined
6399N/A+#ifndef    MAP_FILE
6399N/A+#define MAP_FILE   0
6399N/A+#endif
6399N/A+
6399N/A+
6399N/A #ifdef _WIN32
6399N/A //
6399N/A // Windows functions to grab a named shared memory segment of a specific size,
6399N/A@@ -121,6 +131,10 @@
6399N/A
6399N/A OSLock::OSLock(bool exceptionAllowed)
6399N/A {
6399N/A+    if (!needThread) {
6399N/A+   lockData = NULL;
6399N/A+   return;
6399N/A+    }
6399N/A     lockData = new OSLockData;
6399N/A     if (lockData) {
6399N/A    InitializeCriticalSection(&lockData->mutex);
6399N/A@@ -185,12 +199,20 @@
6399N/A #define MAP_INHERIT 0
6399N/A #endif
6399N/A
6399N/A+#ifndef BASEPATH
6399N/A+#ifdef MAC
6399N/A+#define BASEPATH "/var"
6399N/A+#else
6399N/A+#define BASEPATH "/var/cache"
6399N/A+#endif
6399N/A+#endif
6399N/A+
6399N/A #ifdef FULL_CLEANUP
6399N/A #define RESERVED_OFFSET 256
6399N/A-#define MEMSEGPATH "/tmp/.pk11ipc"
6399N/A+#define MEMSEGPATH BASEPATH"/coolkey-lock"
6399N/A #else
6399N/A #define RESERVED_OFFSET 0
6399N/A-#define MEMSEGPATH "/tmp/.pk11ipc1"
6399N/A+#define MEMSEGPATH BASEPATH"/coolkey"
6399N/A #endif
6399N/A
6399N/A struct SHMemData {
6399N/A@@ -208,11 +230,6 @@
6399N/A #ifdef FULL_CLEANUP
6399N/A    flock(fd,LOCK_EX);
6399N/A    unsigned long ref = --(*(unsigned long *)addr);
6399N/A-#ifdef notdef
6399N/A-   if (ref == 0) {
6399N/A-       unlink(path);
6399N/A-   }
6399N/A-#endif
6399N/A    flock(fd, LOCK_UN);
6399N/A #endif
6399N/A    munmap(addr,size+RESERVED_OFFSET);
6399N/A@@ -225,6 +242,73 @@
6399N/A     }
6399N/A }
6399N/A
6399N/A+/*
6399N/A+ * The cache directory is shared and accessible by anyone, make
6399N/A+ * sure the cache file we are opening is really a valid cache file.
6399N/A+ */
6399N/A+int safe_open(char *path, int flags, int mode, int size)
6399N/A+{
6399N/A+    struct stat buf;
6399N/A+    int fd, ret;
6399N/A+
6399N/A+    fd = open (path, flags|O_NOFOLLOW, mode);
6399N/A+
6399N/A+    if (fd < 0) {
6399N/A+   return fd;
6399N/A+    }
6399N/A+
6399N/A+    ret = fstat(fd, &buf);
6399N/A+    if (ret < 0) {
6399N/A+   close (fd);
6399N/A+   return ret;
6399N/A+    }
6399N/A+
6399N/A+    /* our cache files are pretty specific, make sure we are looking
6399N/A+     * at the correct one */
6399N/A+
6399N/A+    /* first, we should own the file ourselves, don't open a file
6399N/A+     * that someone else wanted us to see. */
6399N/A+    if (buf.st_uid != getuid()) {
6399N/A+   close(fd);
6399N/A+   errno = EACCES;
6399N/A+   return -1;
6399N/A+    }
6399N/A+
6399N/A+    /* next, there should only be one link in this file. Don't
6399N/A+     * use this code to trash another file */
6399N/A+    if (buf.st_nlink != 1) {
6399N/A+   close(fd);
6399N/A+   errno = EMLINK;
6399N/A+   return -1;
6399N/A+    }
6399N/A+
6399N/A+    /* next, This better be a regular file */
6399N/A+    if (!S_ISREG(buf.st_mode)) {
6399N/A+   close(fd);
6399N/A+   errno = EACCES;
6399N/A+   return -1;
6399N/A+    }
6399N/A+
6399N/A+    /* if the permissions don't match, something is wrong */
6399N/A+    if ((buf.st_mode & 03777) != mode) {
6399N/A+   close(fd);
6399N/A+   errno = EACCES;
6399N/A+   return -1;
6399N/A+    }
6399N/A+
6399N/A+    /* finally the file should be the correct size. This
6399N/A+     * check isn't so much to protect from an attack, as it is to
6399N/A+     * detect a corrupted cache file */
6399N/A+    if (buf.st_size != size) {
6399N/A+   close(fd);
6399N/A+   errno = EACCES;
6399N/A+   return -1;
6399N/A+    }
6399N/A+
6399N/A+    /* OK, the file checked out, ok to continue */
6399N/A+    return fd;
6399N/A+}
6399N/A+
6399N/A SHMem::SHMem(): shmemData(0) {}
6399N/A
6399N/A SHMem *
6399N/A@@ -248,7 +332,7 @@
6399N/A    return NULL;
6399N/A     }
6399N/A     int mask = umask(0);
6399N/A-    int ret = mkdir (MEMSEGPATH, 0777);
6399N/A+    int ret = mkdir (MEMSEGPATH, 01777);
6399N/A     umask(mask);
6399N/A     if ((ret == -1) && (errno != EEXIST)) {
6399N/A    delete shmemData;
6399N/A@@ -264,21 +348,16 @@
6399N/A     shmemData->path[sizeof(MEMSEGPATH)-1] = '/';
6399N/A     strcpy(&shmemData->path[sizeof(MEMSEGPATH)],name);
6399N/A
6399N/A-    int mode = 0777;
6399N/A-    if (strcmp(name,"token_names") != 0) {
6399N/A-   /* each user gets his own uid array */
6399N/A-       sprintf(uid_str, "-%u",getuid());
6399N/A-       strcat(shmemData->path,uid_str);
6399N/A-   mode = 0700;
6399N/A-    }
6399N/A+    sprintf(uid_str, "-%u",getuid());
6399N/A+    strcat(shmemData->path,uid_str);
6399N/A+    int mode = 0600;
6399N/A+
6399N/A     shmemData->fd = open(shmemData->path,
6399N/A        O_CREAT|O_RDWR|O_EXCL|O_APPEND|O_EXLOCK, mode);
6399N/A-    if (shmemData->fd  < 0) {
6399N/A-   needInit = false;
6399N/A-   shmemData->fd = open(shmemData->path,O_RDWR|O_EXLOCK, mode);
6399N/A-    }  else {
6399N/A+    if (shmemData->fd >= 0) {
6399N/A    char *buf;
6399N/A    int len = size+RESERVED_OFFSET;
6399N/A+   int ret;
6399N/A
6399N/A    buf = (char *)calloc(1,len);
6399N/A    if (!buf) {
6399N/A@@ -289,8 +368,23 @@
6399N/A        delete shmemData;
6399N/A        return NULL;
6399N/A    }
6399N/A-   write(shmemData->fd,buf,len);
6399N/A+   ret = write(shmemData->fd,buf,len);
6399N/A+   if (ret != len) {
6399N/A+       unlink(shmemData->path);
6399N/A+#ifdef FULL_CLEANUP
6399N/A+       flock(shmemData->fd, LOCK_UN);
6399N/A+#endif
6399N/A+       free(buf);
6399N/A+       delete shmemData;
6399N/A+       return NULL;
6399N/A+   }
6399N/A+
6399N/A    free(buf);
6399N/A+    } else if (errno == EEXIST) {
6399N/A+   needInit = false;
6399N/A+
6399N/A+   shmemData->fd = safe_open(shmemData->path,O_RDWR|O_EXLOCK, mode,
6399N/A+                 size+RESERVED_OFFSET);
6399N/A     }
6399N/A     if (shmemData->fd < 0) {
6399N/A    delete shmemData;
6399N/A@@ -358,6 +452,9 @@
6399N/A     int rc;
6399N/A
6399N/A     lockData = NULL;
6399N/A+    if (!needThread) {
6399N/A+   return;
6399N/A+    }
6399N/A #ifdef MAC
6399N/A     if (!OSLock_attr_init) {
6399N/A    rc = pthread_mutexattr_init(&OSLock_attr);