2010-07-21 Dario Rodriguez <dario.rodriguez@artica.es>

* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added logic to search existing collections in config file, and checking for ".." substrings in path for security reasons. * win32/pandora_windows_service.h, pandora_windows_service.cc: Added logic to remove incoherences between collections directory and collection list of config file. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3045 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-07-21 10:03:20 +00:00 · 2010-07-21 10:03:20 +00:00 · 2b18bd0ef7
parent 033040b10f
commit 2b18bd0ef7
5 changed files with 91 additions and 5 deletions
--- a/pandora_agents/ChangeLog
+++ b/pandora_agents/ChangeLog
@ -1,3 +1,12 @@
 2010-07-21  Dario Rodriguez <dario.rodriguez@artica.es>
 	* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added logic to search 
 	existing collections in config file, and checking for ".." substrings in 
 	path for security reasons.
 	* win32/pandora_windows_service.h, pandora_windows_service.cc: Added logic
 	to remove incoherences between collections directory and collection list 
 	of config file.
 2010-07-20  Dario Rodriguez <dario.rodriguez@artica.es>
 	* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added a variable to
@ -7,11 +16,11 @@
 2010-07-16  Dario Rodriguez <dario.rodriguez@artica.es>
-        * misc/pandora_file.cc: fixed error that caused double free.
+        * win32/misc/pandora_file.cc: fixed error that caused double free.
 2010-07-16  Dario Rodriguez <dario.rodriguez@artica.es>
-        * misc/pandora_file.cc: fixed unclosed directory with function closedir
+        * win32/misc/pandora_file.cc: fixed unclosed directory with function closedir
 	and control posible delete errors.
 2010-07-16  Dario Rodriguez <dario.rodriguez@artica.es>
--- a/pandora_agents/win32/pandora_agent_conf.cc
+++ b/pandora_agents/win32/pandora_agent_conf.cc
@ -103,8 +103,12 @@ Pandora::Pandora_Agent_Conf::setFile (string filename) {
 				aux = new Collection();
 				aux->name = trim (collection_name);
 				/*Check for ".." substring for security issues*/
 				if ( collection_name.find("..") == string::npos ) {
 					aux->verify = 0;
 					collection_list->push_back (*aux);
 				}
 				continue;
 			}
 			/*Check if is a module*/
@ -185,6 +189,28 @@ Pandora::Pandora_Agent_Conf::setCurrentCollectionVerify() {
 	collection_it->verify = 1;
 }
 /**
 * Check is there is a collection with the same name in the list
 * 
 * @param The name of the collection to check.
 * 
 * @return True if there is a collection with the same name.
 */
 bool
 Pandora::Pandora_Agent_Conf::isInCollectionList(string name) {
 	list<Collection>::iterator p;
 	string name_md5;
 	for (p = collection_list->begin();p != collection_list->end();p++) {
 			name_md5 = p->name+".md5";
 			if ( (strcmp(p->name.c_str(), name.c_str()) == 0)  || 
 				(strcmp(name_md5.c_str(), name.c_str()) == 0)){
 				return true;
 			}
 	}
 	return false;
 }
 /**
 * Set iterator pointing to the first collection of the list.
 * 
--- a/pandora_agents/win32/pandora_agent_conf.h
+++ b/pandora_agents/win32/pandora_agent_conf.h
@ -61,6 +61,7 @@ namespace Pandora {
 		void             goNextCollection      ();
 		bool             isLastCollection      ();
 		bool			isInCollectionList(string name);
 	};
 }
--- a/pandora_agents/win32/pandora_windows_service.cc
+++ b/pandora_agents/win32/pandora_windows_service.cc
@ -33,6 +33,10 @@
 #include <cstdlib>
 #include <ctime>
 #include <direct.h>
 #include <sys/types.h>
 #include <dirent.h>
 #include <sys/stat.h>
 #include <pandora_agent_conf.h>
 using namespace std;
 using namespace Pandora;
@ -633,8 +637,50 @@ Pandora_Windows_Service::unzipCollection(string zip_path, string dest_dir) {
 	CloseHandle (pi.hProcess);
 	return 0;	
 }
 /*
 * Check the disk for collections installed
 */
 void
 Pandora_Windows_Service::purgeDiskCollections () {
 	DIR *dir;
 	struct dirent *dir_content;
 	struct stat file;
 	string tmp, filepath;
 	filepath = Pandora::getPandoraInstallDir() +"collections\\";
 	/*Open the directory*/
 	dir = opendir (filepath.c_str ());
 	/*Read the directory looking for files and folders*/
 	dir_content = readdir(dir);
 	while (dir_content != NULL) {
 		stat(tmp.c_str(),&file);
 		/*If is a folder, check for . and .. */
 		if ( (strcmp(dir_content->d_name,".") != 0) && (strcmp(dir_content->d_name,"..") != 0) ) {
 			/*If the file is not in collection list, delete the file*/
 			if(! conf->isInCollectionList(dir_content->d_name) ) {
 				tmp = filepath+dir_content->d_name;
 				Pandora_File::removeDir(tmp);
 			}
 		}
 		/*Next item*/
 		dir_content = readdir(dir);	
 	}
 	/*Close dir oppened*/
 	closedir(dir);	
 }
 /*
 * Check collections to sync it between server and agent
 */
 void
 Pandora_Windows_Service::checkCollections () {
 	int flag, i;
@ -836,6 +882,7 @@ Pandora_Windows_Service::checkCollections () {
 		/*Go to next collection*/		
 		conf->goNextCollection();
 	}
 	purgeDiskCollections ();
 }
 void
--- a/pandora_agents/win32/pandora_windows_service.h
+++ b/pandora_agents/win32/pandora_windows_service.h
@ -47,6 +47,7 @@ namespace Pandora {
 		long                 transfer_interval;
 		bool                 started;
 		void                 *udp_server;
 		list<string> collection_disk;
 		string        getXmlHeader    ();
 		int           copyDataFile    (string filename);
@ -73,8 +74,10 @@ namespace Pandora {
 		void	       checkCollections ();
 		void		   addCollectionsPath();
 		void           checkConfig ();
 		void		 purgeDiskCollections ();
 		Pandora_Windows_Service     ();
 	public:
 		void           pandora_run  ();
 		void           pandora_init ();