[Gnash-commit] gnash libbase/rc.h libbase/rc.cpp server/asobj/...

[Rob Savoye]

CVSROOT:        /sources/gnash
Module name:    gnash
Changes by:     Rob Savoye <rsavoye>    07/12/26 00:46:49

Modified files:
        libbase        : rc.h rc.cpp 
        server/asobj   : SharedObject.cpp 
        .              : ChangeLog 

Log message:
                * libbase/rc.{cpp,h}: Add new security options for Shared 
Objects
                and Local Connections. Make extractNumber() return a uint32_t
                intead of just an int as we keep overflowing strtol().
                * server/asobj/SharedObject.cpp: Use new security options for
                files.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/rc.h?cvsroot=gnash&r1=1.37&r2=1.38
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/rc.cpp?cvsroot=gnash&r1=1.48&r2=1.49
http://cvs.savannah.gnu.org/viewcvs/gnash/server/asobj/SharedObject.cpp?cvsroot=gnash&r1=1.21&r2=1.22
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5255&r2=1.5256

Patches:
Index: libbase/rc.h
===================================================================
RCS file: /sources/gnash/gnash/libbase/rc.h,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -b -r1.37 -r1.38
--- libbase/rc.h        20 Dec 2007 02:57:11 -0000      1.37
+++ libbase/rc.h        26 Dec 2007 00:46:48 -0000      1.38
@@ -27,6 +27,7 @@
 
 #include <string>
 #include <vector>
+#include <sys/shm.h>           // for key_t
 
 namespace gnash {
   
@@ -145,14 +146,28 @@
     // Set the location of the sandbox for .sol files
     void setSOLSafeDir(std::string &x) { _solsandbox = x; }
 
+    bool getSOLLocalDomain() const { return _sollocaldomain; }
+    void setSOLLocalDomain(bool x) { _sollocaldomain = x; }
+    bool getSOLReadOnly() const { return _solreadonly; }
+    void setSOLReadOnly(bool x) { _solreadonly = x; }
+    bool getLocalConnection() const { return _lcdisabled; }
+    void setLocalConnection(bool x) { _lcdisabled = x; }
+    // Enable tracing all LocalConnection traffic
+    bool getLCTrace() const { return _lctrace; }
+    void setLCTrace(bool x) { _lctrace = x; }
+
+    // 
+    key_t getLCShmKey() const { return _lcshmkey; }
+    void setLCShmKey(bool x) { _lcshmkey = x; }
+    
     void dump();    
 
 private:
-    int  _delay;                // the timer delay
-    int  _movieLibraryLimit;    // max number of movie clips to store in the 
library
+    uint32_t  _delay;                // the timer delay
+    uint32_t  _movieLibraryLimit;    // max number of movie clips to store in 
the library
     bool _debug;                // enable debugging of this class
     bool _debugger;             // enable the Flash movie debugger
-    int  _verbosity;
+    uint32_t  _verbosity;
     std::string  _flashVersionString;   // String to pass as $version in 
Actionscript
     std::string  _flashSystemOS;        // String to pass as 
System.capabilities.os
                                        // in Actionscript. If empty, leaves 
detection
@@ -204,7 +219,12 @@
     // or read from.
     std::string _solsandbox;
 
-  protected:
+    bool _solreadonly;
+    bool _sollocaldomain;
+    bool _lcdisabled;
+    bool _lctrace;
+    key_t _lcshmkey;
+protected:
     
     /// Construct only by getDefaultInstance()
     RcInitFile();
@@ -217,7 +237,7 @@
     static bool extractSetting(bool *var, const char *pattern,
                         std::string &variable, std::string &value);
     
-    static int extractNumber(int *num, const char *pattern,
+    static uint32_t extractNumber(uint32_t *num, const char *pattern,
                         std::string &variable, std::string &value);
 
     static void extractDouble(double& out, const char *pattern,

Index: libbase/rc.cpp
===================================================================
RCS file: /sources/gnash/gnash/libbase/rc.cpp,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -b -r1.48 -r1.49
--- libbase/rc.cpp      20 Dec 2007 02:57:11 -0000      1.48
+++ libbase/rc.cpp      26 Dec 2007 00:46:48 -0000      1.49
@@ -30,9 +30,12 @@
 # include <pwd.h>
 #endif
 
+#include <boost/cstdint.hpp>
 #include <sys/types.h>
 #include <unistd.h> // for getuid()
 #include <sys/stat.h>
+#include <cerrno>
+#include <limits.h>
 
 #include <cctype>  // for toupper
 #include <string>
@@ -85,7 +88,11 @@
                           _extensionsEnabled(false),
                           _startStopped(false),
                           _insecureSSL(false),
-                          _streamsTimeout(DEFAULT_STREAMS_TIMEOUT)
+                          _streamsTimeout(DEFAULT_STREAMS_TIMEOUT),
+                           _solreadonly(false),
+                           _sollocaldomain(false),
+                           _lcdisabled(false),
+                           _lctrace(true)
 
 {
 //    GNASH_REPORT_FUNCTION;
@@ -152,8 +159,8 @@
     return *var;
 }
 
-int
-RcInitFile::extractNumber(int *num, const char *pattern, string &variable,
+uint32_t
+RcInitFile::extractNumber(uint32_t *num, const char *pattern, string &variable,
                            string &value)
 {      
 //    GNASH_REPORT_FUNCTION;
@@ -162,7 +169,12 @@
 
 //        log_msg ("%s: %s", variable.c_str(), value.c_str());
     if ( noCaseCompare(variable, pattern) ) {
-        *num = strtol(value.c_str(), NULL, 0);
+        *num = strtoul(value.c_str(), NULL, 0);
+        if (*num == LONG_MAX) {
+            long long foo = strtoll(value.c_str(), NULL, 0);
+            log_error("Conversion overflow!: %ll", foo);
+            
+        }
     }
     return *num;
 }
@@ -439,6 +451,15 @@
                      extractNumber(&_movieLibraryLimit, "movieLibraryLimit", 
variable, value);                
                      extractNumber(&_delay, "delay", variable, value);
                      extractNumber(&_verbosity, "verbosity", variable, value);
+
+
+                     extractSetting(&_solreadonly, "SOLReadOnly", variable,
+                               value);
+                     extractSetting(&_lcdisabled, "LocalConnection", variable,
+                               value);
+                     extractSetting(&_lctrace, "LCTrace", variable,
+                               value);
+                     extractNumber((uint32_t *)&_lcshmkey, "LCShmkey", 
variable, value);
                }
             }
         } while (!in.eof());

Index: server/asobj/SharedObject.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/asobj/SharedObject.cpp,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -b -r1.21 -r1.22
--- server/asobj/SharedObject.cpp       24 Dec 2007 18:21:03 -0000      1.21
+++ server/asobj/SharedObject.cpp       26 Dec 2007 00:46:49 -0000      1.22
@@ -171,7 +171,7 @@
 as_value
 sharedobject_clear(const fn_call& fn)
 {
-    GNASH_REPORT_FUNCTION;
+//    GNASH_REPORT_FUNCTION;
     boost::intrusive_ptr<SharedObject> obj = 
ensureType<SharedObject>(fn.this_ptr);
     UNUSED(obj);
     
@@ -193,6 +193,13 @@
 //    log_msg("Flushing to file %s", obj->getFilespec().c_str());        
     VM& vm = obj->getVM();
 
+#ifndef USE_SOL_READONLY
+    if (rcfile.getSOLReadOnly() ) {
+        log_security("Attempting to write object when it's SOL Read Only is 
set! Refusing...",
+                     obj->getFilespec().c_str());
+        return as_value(false);
+    }
+    
     // TODO: cache the dataKey in SharedObject prototype on first use ?
     //       a SharedObject::getDataKey() might do...
     string_table::key dataKey = vm.getStringTable().find("data");
@@ -212,15 +219,17 @@
     string newspec; 
     newspec += obj->getFilespec();
     sol.writeFile(newspec, obj->getObjectName().c_str());
-    
     return as_value(true); // TODO: check expected return type from 
SharedObject.flush
+#else
+    return as_value(false);
+#endif
 }
 
 // Set the file name
 as_value
 sharedobject_getlocal(const fn_call& fn)
 {
-    GNASH_REPORT_FUNCTION;
+//    GNASH_REPORT_FUNCTION;
     // This should return a SharedObject, and it's a static function
     
 //    static boost::intrusive_ptr<as_object> obj = new 
as_object(getSharedObjectInterface());
@@ -267,6 +276,12 @@
         strcpy(domain, "localhost");
     }
 
+    if ((rcfile.getSOLLocalDomain()) && (strcmp(domain, "localhost") > 0) ) {
+        log_security("Attempting to open non localhost created SOL file!!",
+                     obj->getFilespec().c_str());
+        return as_value(false);
+     }
+
     newspec += domain;
     newspec += "/";    
     if (fn.nargs == 2) {
@@ -345,7 +360,7 @@
         } 
         if (el->type == AMF::STRING) {
             if (el->length == 0) {
-                ptr->set_member(st.string_table::find(el->name), 
as_value("undefined"));
+                ptr->set_member(st.string_table::find(el->name), as_value(""));
             } else {
                 string str = (const char *)el->data;
                 ptr->set_member(st.string_table::find(el->name), 
as_value(str));
@@ -365,7 +380,7 @@
 as_value
 sharedobject_getsize(const fn_call& fn)
 {
-    GNASH_REPORT_FUNCTION;
+//    GNASH_REPORT_FUNCTION;
     boost::intrusive_ptr<SharedObject> obj = 
ensureType<SharedObject>(fn.this_ptr);
     return as_value(obj->size());
 }

Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.5255
retrieving revision 1.5256
diff -u -b -r1.5255 -r1.5256
--- ChangeLog   25 Dec 2007 18:56:05 -0000      1.5255
+++ ChangeLog   26 Dec 2007 00:46:49 -0000      1.5256
@@ -1,3 +1,11 @@
+2007-12-25  Rob Savoye  <address@hidden>
+
+       * libbase/rc.{cpp,h}: Add new security options for Shared Objects
+       and Local Connections. Make extractNumber() return a uint32_t
+       intead of just an int as we keep overflowing strtol().
+       * server/asobj/SharedObject.cpp: Use new security options for
+       files.
+
 2007-12-25 Sandro Santilli <address@hidden>
 
        * server/asobj/MovieClipLoader.cpp: remove dead code.