head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.116 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.114 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.112 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.2.0.110 pkgsrc-2025Q2-base:1.2 pkgsrc-2025Q1:1.2.0.108 pkgsrc-2025Q1-base:1.2 pkgsrc-2024Q4:1.2.0.106 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.104 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.102 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.100 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.98 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.96 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.94 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.92 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.90 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.88 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.86 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.84 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.82 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.80 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.78 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.76 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.74 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.72 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.68 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.48 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.70 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.66 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.64 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.62 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.60 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.58 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.56 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.54 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.52 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.50 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.46 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.44 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.42 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.40 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.38 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.36 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.34 pkgsrc-2015Q4-base:1.2 pkgsrc-2015Q3:1.2.0.32 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.30 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.28 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.26 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.24 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.22 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.20 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.18 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.16 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.14 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.12 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.10 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.8 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.6 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.4 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.1.1.1.0.34 pkgsrc-2011Q3-base:1.1.1.1 pkgsrc-2011Q2:1.1.1.1.0.32 pkgsrc-2011Q2-base:1.1.1.1 pkgsrc-2011Q1:1.1.1.1.0.30 pkgsrc-2011Q1-base:1.1.1.1 pkgsrc-2010Q4:1.1.1.1.0.28 pkgsrc-2010Q4-base:1.1.1.1 pkgsrc-2010Q3:1.1.1.1.0.26 pkgsrc-2010Q3-base:1.1.1.1 pkgsrc-2010Q2:1.1.1.1.0.24 pkgsrc-2010Q2-base:1.1.1.1 pkgsrc-2010Q1:1.1.1.1.0.22 pkgsrc-2010Q1-base:1.1.1.1 pkgsrc-2009Q4:1.1.1.1.0.20 pkgsrc-2009Q4-base:1.1.1.1 pkgsrc-2009Q3:1.1.1.1.0.18 pkgsrc-2009Q3-base:1.1.1.1 pkgsrc-2009Q2:1.1.1.1.0.16 pkgsrc-2009Q2-base:1.1.1.1 pkgsrc-2009Q1:1.1.1.1.0.14 pkgsrc-2009Q1-base:1.1.1.1 pkgsrc-2008Q4:1.1.1.1.0.12 pkgsrc-2008Q4-base:1.1.1.1 pkgsrc-2008Q3:1.1.1.1.0.10 pkgsrc-2008Q3-base:1.1.1.1 cube-native-xorg:1.1.1.1.0.8 cube-native-xorg-base:1.1.1.1 pkgsrc-2008Q2:1.1.1.1.0.6 pkgsrc-2008Q2-base:1.1.1.1 cwrapper:1.1.1.1.0.4 pkgsrc-2008Q1:1.1.1.1.0.2 pkgsrc-2008Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.2 date 2011.11.25.22.17.49; author joerg; state Exp; branches; next 1.1; 1.1 date 2008.03.04.11.33.02; author shannonjr; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2008.03.04.11.33.02; author shannonjr; state Exp; branches; next ; desc @@ 1.2 log @Fix build with modern GCC @ text @$NetBSD: patch-ab,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $ --- src/coolkey/machdep.cpp.orig 2007-02-14 00:46:28.000000000 +0000 +++ src/coolkey/machdep.cpp @@@@ -17,6 +17,8 @@@@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * ***** END COPYRIGHT BLOCK *****/ +/* Patch from RedHAT coolkey-1.1.0-5.el5.src.rpm */ + #include "machdep.h" #include "mypkcs11.h" #include "PKCS11Exception.h" @@@@ -32,6 +34,8 @@@@ #include #include #include +#include +#include #include #endif @@@@ -185,12 +189,20 @@@@ void OSSleep(int time) #define MAP_INHERIT 0 #endif +#ifndef BASEPATH +#ifdef MAC +#define BASEPATH "/var" +#else +#define BASEPATH "/var/cache" +#endif +#endif + #ifdef FULL_CLEANUP #define RESERVED_OFFSET 256 -#define MEMSEGPATH "/tmp/.pk11ipc" +#define MEMSEGPATH BASEPATH"/coolkey-lock" #else #define RESERVED_OFFSET 0 -#define MEMSEGPATH "/tmp/.pk11ipc1" +#define MEMSEGPATH BASEPATH"/coolkey" #endif struct SHMemData { @@@@ -208,11 +220,6 @@@@ SHMemData::~SHMemData() { #ifdef FULL_CLEANUP flock(fd,LOCK_EX); unsigned long ref = --(*(unsigned long *)addr); -#ifdef notdef - if (ref == 0) { - unlink(path); - } -#endif flock(fd, LOCK_UN); #endif munmap(addr,size+RESERVED_OFFSET); @@@@ -225,6 +232,73 @@@@ SHMemData::~SHMemData() { } } +/* + * The cache directory is shared and accessible by anyone, make + * sure the cache file we are opening is really a valid cache file. + */ +int safe_open(char *path, int flags, int mode, int size) +{ + struct stat buf; + int fd, ret; + + fd = open (path, flags|O_NOFOLLOW, mode); + + if (fd < 0) { + return fd; + } + + ret = fstat(fd, &buf); + if (ret < 0) { + close (fd); + return ret; + } + + /* our cache files are pretty specific, make sure we are looking + * at the correct one */ + + /* first, we should own the file ourselves, don't open a file + * that someone else wanted us to see. */ + if (buf.st_uid != getuid()) { + close(fd); + errno = EACCES; + return -1; + } + + /* next, there should only be one link in this file. Don't + * use this code to trash another file */ + if (buf.st_nlink != 1) { + close(fd); + errno = EMLINK; + return -1; + } + + /* next, This better be a regular file */ + if (!S_ISREG(buf.st_mode)) { + close(fd); + errno = EACCES; + return -1; + } + + /* if the permissions don't match, something is wrong */ + if ((buf.st_mode & 03777) != mode) { + close(fd); + errno = EACCES; + return -1; + } + + /* finally the file should be the correct size. This + * check isn't so much to protect from an attack, as it is to + * detect a corrupted cache file */ + if (buf.st_size != size) { + close(fd); + errno = EACCES; + return -1; + } + + /* OK, the file checked out, ok to continue */ + return fd; +} + SHMem::SHMem(): shmemData(0) {} SHMem * @@@@ -248,7 +322,7 @@@@ SHMem::initSegment(const char *name, int return NULL; } int mask = umask(0); - int ret = mkdir (MEMSEGPATH, 0777); + int ret = mkdir (MEMSEGPATH, 01777); umask(mask); if ((ret == -1) && (errno != EEXIST)) { delete shmemData; @@@@ -264,21 +338,16 @@@@ SHMem::initSegment(const char *name, int shmemData->path[sizeof(MEMSEGPATH)-1] = '/'; strcpy(&shmemData->path[sizeof(MEMSEGPATH)],name); - int mode = 0777; - if (strcmp(name,"token_names") != 0) { - /* each user gets his own uid array */ - sprintf(uid_str, "-%u",getuid()); - strcat(shmemData->path,uid_str); - mode = 0700; - } + sprintf(uid_str, "-%u",getuid()); + strcat(shmemData->path,uid_str); + int mode = 0600; + shmemData->fd = open(shmemData->path, O_CREAT|O_RDWR|O_EXCL|O_APPEND|O_EXLOCK, mode); - if (shmemData->fd < 0) { - needInit = false; - shmemData->fd = open(shmemData->path,O_RDWR|O_EXLOCK, mode); - } else { + if (shmemData->fd >= 0) { char *buf; int len = size+RESERVED_OFFSET; + int ret; buf = (char *)calloc(1,len); if (!buf) { @@@@ -289,8 +358,22 @@@@ SHMem::initSegment(const char *name, int delete shmemData; return NULL; } - write(shmemData->fd,buf,len); + ret = write(shmemData->fd,buf,len); + if (ret != len) { + unlink(shmemData->path); +#ifdef FULL_CLEANUP + flock(shmemData->fd, LOCK_UN); +#endif + delete shmemData; + return NULL; + } + free(buf); + } else if (errno == EEXIST) { + needInit = false; + + shmemData->fd = safe_open(shmemData->path,O_RDWR|O_EXLOCK, mode, + size+RESERVED_OFFSET); } if (shmemData->fd < 0) { delete shmemData; @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- src/coolkey/machdep.cpp.orig 2007-02-13 17:46:28.000000000 -0700 d14 10 a23 1 @@@@ -185,12 +187,20 @@@@ void OSSleep(int time) d46 1 a46 1 @@@@ -208,11 +218,6 @@@@ SHMemData::~SHMemData() { d58 1 a58 1 @@@@ -225,6 +230,73 @@@@ SHMemData::~SHMemData() { d132 1 a132 1 @@@@ -248,7 +320,7 @@@@ SHMem::initSegment(const char *name, int d141 1 a141 1 @@@@ -264,21 +336,16 @@@@ SHMem::initSegment(const char *name, int d169 1 a169 1 @@@@ -289,8 +356,22 @@@@ SHMem::initSegment(const char *name, int @ 1.1.1.1 log @Provides driver support for the CoolKey and Common Access Card (CAC) smart card used in a Public Key Infrastructure (PKI). The libpkcs11 module allows use of Smart Cards in applications that use mozilla Network Security Services (NSS). @ text @@