g13: Run mount after dmsetup.

* g13/g13-syshelp.c (main): Reject userids with a slash. * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a mountpoint is known. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2016-02-22 10:56:27 +01:00 · 2016-02-22 10:56:27 +01:00 · f26867928c
commit f26867928c
parent ede0061feb
2 changed files with 51 additions and 15 deletions
--- a/g13/g13-syshelp.c
+++ b/g13/g13-syshelp.c
@ -512,15 +512,23 @@ main ( int argc, char **argv)
          ctrl.client.uid = (uid_t)myuid;
      }

-      pwd = getpwuid (ctrl.client.uid);
-      if (!pwd || !*pwd->pw_name)
-        {
-          log_info ("WARNING: Name for UID not found: %s\n", strerror (errno));
-          ctrl.fail_all_cmds = 1;
-          ctrl.client.uname = xstrdup ("?");
-        }
-      else
-        ctrl.client.uname = xstrdup (pwd->pw_name);
+    pwd = getpwuid (ctrl.client.uid);
+    if (!pwd || !*pwd->pw_name)
+      {
+        log_info ("WARNING: Name for UID not found: %s\n", strerror (errno));
+        ctrl.fail_all_cmds = 1;
+        ctrl.client.uname = xstrdup ("?");
+      }
+    else
+      ctrl.client.uname = xstrdup (pwd->pw_name);
+
+    /* Check that the user name does not contain a directory
+       separator. */
+    if (strchr (ctrl.client.uname, '/'))
+      {
+        log_info ("WARNING: Invalid user name passed\n");
+        ctrl.fail_all_cmds = 1;
+      }
  }
 #else /*!HAVE_PWD_H || !HAVE_GETPWUID*/
  log_info ("WARNING: System does not support required syscalls\n");
--- a/g13/sh-dmcrypt.c
+++ b/g13/sh-dmcrypt.c
@ -532,7 +532,8 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
                            tupledesc_t keyblob)
 {
  gpg_error_t err;
-  char *targetname = NULL;
+  char *targetname_abs = NULL;
+  const char *targetname;
  char hexkey[16*2+1];
  char *table = NULL;
  unsigned long long nblocks, nblocks2;
@ -615,14 +616,19 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,

  /* Device mapper needs a name for the device: Take it from the label
     or use "0".  */
-  targetname = strconcat ("g13-", ctrl->client.uname, "-",
-                          ctrl->devti->label? ctrl->devti->label : "0",
-                          NULL);
-  if (!targetname)
+  targetname_abs = strconcat ("/dev/mapper/",
+                              "g13-", ctrl->client.uname, "-",
+                              ctrl->devti->label? ctrl->devti->label : "0",
+                              NULL);
+  if (!targetname_abs)
    {
      err = gpg_error_from_syserror ();
      goto leave;
    }
+  targetname = strrchr (targetname_abs, '/');
+  if (!targetname)
+    BUG ();
+  targetname++;

  /* Get the algorithm string.  */
  algostr = find_tuple (keyblob, KEYBLOB_TAG_ALGOSTR, &algostrlen);
@ -675,6 +681,28 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
    }
  if (result && *result)
    log_debug ("dmsetup result: %s\n", result);
+  xfree (result);
+  result = NULL;
+
+  /* Mount if a mountpoint has been given.  */
+  if (ctrl->devti->mountpoint)
+    {
+      const char *argv[3];
+
+      argv[0] = targetname_abs;
+      argv[1] = ctrl->devti->mountpoint;
+      argv[2] = NULL;
+      log_debug ("now running \"mount %s %s\"\n",
+                 targetname_abs, ctrl->devti->mountpoint);
+      err = gnupg_exec_tool ("/bin/mount", argv, NULL, &result, NULL);
+      if (err)
+        {
+          log_error ("error running mount: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+      if (result && *result)  /* (We should not see output to stdout).  */
+        log_info ("WARNING: mount returned data on stdout! (%s)\n", result);
+    }


 leave:
@ -684,7 +712,7 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
      wipememory (table, strlen (table));
      xfree (table);
    }
-  xfree (targetname);
+  xfree (targetname_abs);
  xfree (result);
  return err;
 }